Description
Jenkins Code Dx Plugin cross-site request forgery vulnerability
Jenkins Code Dx Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints.
This allows attackers with Overall/Read permission to make Jenkins connect to an attacker-specified URL.
Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.
Code Dx Plugin 4.0.0 requires POST requests and the appropriate permissions for the affected HTTP endpoints.
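The following is an added illustration of the two fixes named in the advisory (requiring POST and checking permissions) as they look in a Jenkins plugin descriptor; it is not the Code Dx plugin's own code. The class name ExampleServerConfig, the method names doTestConnectionWeak/doTestConnection and the serverUrl parameter are hypothetical; the annotations and calls (@RequirePOST, Jenkins.get().checkPermission, FormValidation) are the standard Jenkins/Stapler APIs.

```java
// Added example, not the Code Dx plugin's code. ExampleServerConfig,
// doTestConnectionWeak, doTestConnection and "serverUrl" are hypothetical
// names; the annotations and core calls are real Jenkins/Stapler APIs.
package example;

import hudson.Extension;
import hudson.util.FormValidation;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;

@Extension
public class ExampleServerConfig extends GlobalConfiguration {

    // WEAK PATTERN (the shape the advisory describes): a "do*" method is a
    // Stapler HTTP endpoint. Without @RequirePOST it answers GET, so no CSRF
    // crumb is enforced, and without a permission check any user holding
    // Overall/Read can make the Jenkins master open a connection to a URL
    // of their choosing.
    public FormValidation doTestConnectionWeak(@QueryParameter String serverUrl) {
        return probe(serverUrl);
    }

    // HARDENED PATTERN: @RequirePOST rejects GET requests (and POSTs carry
    // the Jenkins crumb), and checkPermission throws AccessDeniedException
    // for callers lacking Overall/Administer before any connection is made.
    @RequirePOST
    public FormValidation doTestConnection(@QueryParameter String serverUrl) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return probe(serverUrl);
    }

    // Shared reachability check used by both variants above; bounded
    // timeouts keep a slow or unresponsive host from tying up the request.
    private static FormValidation probe(String serverUrl) {
        try {
            HttpURLConnection conn = (HttpURLConnection) new URL(serverUrl).openConnection();
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(5000);
            conn.setRequestMethod("HEAD");
            int status = conn.getResponseCode();
            return status < 400
                    ? FormValidation.ok("Server reachable (HTTP " + status + ")")
                    : FormValidation.error("Server returned HTTP " + status);
        } catch (IOException e) {
            return FormValidation.error("Connection failed: " + e.getMessage());
        }
    }
}
```

When reviewing a plugin for this class of issue, every public method named `do*` in a Descriptor or GlobalConfiguration that performs a side effect or outbound connection should carry both a POST requirement and an explicit permission check; the form-validation `@QueryParameter` signature alone provides neither.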
Packages
Name: org.jenkins-ci.plugins:codedx (maven)
Affected versions: < 4.0.0
Fixed version: 4.0.0
Related vulnerabilities
CVSS3: 4.3
nvd
more than 2 years ago
A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL.