Описание
Cross-Site Request Forgery in the Jenkins Claim plugin
Jenkins Claim Plugin 2.18.1 and earlier does not require POST requests for the form submission endpoint assigning claims, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to change claims.
Jenkins Claim Plugin 2.18.2 requires POST requests for the affected HTTP endpoint.
Пакеты
Наименование
org.jenkins-ci.plugins:claim
maven
Затронутые версииВерсия исправления
< 2.18.2
2.18.2
Связанные уязвимости
CVSS3: 4.3
nvd
почти 5 лет назад
A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.