GHSA-6mgr-3374-4p3c

Опубликовано: 29 окт. 2025

Источник: github

Github: Прошло ревью

CVSS3: 4.3

Описание

Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery

Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

As of publication of this advisory, there is no fix.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:windocks-start-container

maven

Затронутые версииВерсия исправления

<= 1.4

Отсутствует

EPSS

Процентиль: 5%

0.00021

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2025-64138

Дефекты

CWE-352

Связанные уязвимости

CVE-2025-64138

CVSS3: 4.3

nvd

3 месяца назад

A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL.

EPSS

Процентиль: 5%

0.00021

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2025-64138

Дефекты

CWE-352