Описание
CSRF vulnerability in Jenkins CVS Plugin
CVS Plugin 2.15 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities. This allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.
CVS Plugin 2.16 now requires POST requests for the affected HTTP endpoints.
Пакеты
Наименование
org.jenkins-ci.plugins:cvs
maven
Затронутые версииВерсия исправления
<= 2.15
2.16
Связанные уязвимости
CVSS3: 4.3
nvd
почти 6 лет назад
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.