Description
Jenkins Matrix Reloaded Plugin vulnerable to CSRF
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to rebuild previous matrix builds.
Packages
Name: net.praqma:matrix-reloaded (maven)
Affected versions: <= 1.1.3
Fixed version: None
Related vulnerabilities
CVSS3: 6.5
nvd
more than 3 years ago
A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds.