Description
Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability
Jenkins Email Extension Plugin 2.96 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This allows attackers to make another user stop watching an attacker-specified job.
Email Extension Plugin 2.96.1 requires POST requests for the affected HTTP endpoint.
Packages
org.jenkins-ci.plugins:email-ext
Affected versions: < 2.96.1
Fixed version: 2.96.1
Related vulnerabilities
A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.