Описание
CSRF vulnerability in Jenkins Shelve Project Plugin
Jenkins Shelve Project Plugin 3.0 and earlier does not require POST requests for HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities.
These vulnerabilities allow attackers to shelve, unshelve, or delete a project.
Jenkins Shelve Project Plugin 3.1 requires POST requests for the affected HTTP endpoints.
Пакеты
Наименование
org.jenkins-ci.plugins:shelve-project-plugin
maven
Затронутые версииВерсия исправления
<= 3.0
3.1
Связанные уязвимости
CVSS3: 8.1
nvd
около 5 лет назад
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.