Description
Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not require POST requests for an HTTP endpoint, resulting in cross-site request forgery (CSRF) vulnerabilities.
This vulnerability allows attackers to delete Failure Causes.
Build Failure Analyzer Plugin 2.4.2 requires POST requests for the affected HTTP endpoint.
Packages
Name: com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (maven)
Affected versions: < 2.4.2
Fixed version: 2.4.2
Related vulnerabilities
CVSS3: 4.3
nvd
more than 2 years ago
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.