Описание
Cross Site Request Forgery in Jenkins Blue Ocean Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. Blue Ocean Plugin 1.25.4 requires POST requests and the appropriate permissions for the affected HTTP endpoints.
Пакеты
Наименование
io.jenkins.blueocean:blueocean-parent
maven
Затронутые версииВерсия исправления
< 1.25.4
1.25.4
Связанные уязвимости
CVSS3: 6.5
redhat
больше 3 лет назад
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.
CVSS3: 6.5
nvd
больше 3 лет назад
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.