Описание
Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.
Пакеты
Наименование
org.jenkins-ci.plugins.m2release:m2release
maven
Затронутые версииВерсия исправления
<= 0.16.1
0.16.2
Связанные уязвимости
CVSS3: 8.8
nvd
около 6 лет назад
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.