Description
Jenkins Slack Notification Plugin CSRF vulnerability and missing permission checks
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Packages
Name: org.jenkins-ci.plugins:slack (maven)
Affected versions: <= 2.19
Fixed version: 2.20
Related vulnerabilities
CVSS3: 7.1
nvd
almost 7 years ago
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.