Описание
Jenkins CAS Plugin Server-Side Request Forgery vulnerability
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. Additionally, this form validation method did not require POST requests, resulting in a CSRF vulnerability. As of version 1.4.2, this form validation method requires POST requests and the Overall/Administer permission.
Пакеты
org.jenkins-ci.plugins:cas-plugin
<= 1.4.1
1.4.2
Связанные уязвимости
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.