Description
Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a specified resource. Additionally, this API endpoint did not require POST requests, resulting in a CSRF vulnerability. As of version 0.12, this API endpoint requires POST requests and Overall/Administer permissions.
Packages
Name: org.jenkins-ci.plugins:resource-disposer (maven)
Affected versions: <= 0.11
Fixed version: 0.12
Related vulnerabilities
CVSS3: 4.3
nvd
more than 7 years ago
A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource.