Описание
Jenkins Job Import Plugin CSRF vulnerability
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.
Пакеты
Наименование
org.jenkins-ci.plugins:job-import-plugin
maven
Затронутые версииВерсия исправления
<= 3.0
3.1
Связанные уязвимости
CVSS3: 5.3
nvd
около 7 лет назад
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.