Description
Jenkins OpenID Plugin CSRF vulnerability
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.
References
Packages
Name: org.jenkins-ci.plugins:openid (maven)
Affected versions: < 2.4
Fixed version: 2.4
Related vulnerabilities
CVSS3: 6.5
nvd
almost 7 years ago
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.