Description
CSRF vulnerability in Bazaar Plugin
Jenkins Bazaar Plugin 1.22 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to delete previously created Bazaar SCM tags.
Packages
Name: org.jenkins-ci.plugins:bazaar (maven)
Affected versions: <= 1.22
Fixed version: None
Related vulnerabilities
CVSS3: 5.3
nvd
more than 2 years ago
A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags.