Description
Jenkins Pipeline restFul API Plugin vulnerable to Cross Site Request Forgery
Jenkins Pipeline restFul API Plugin 0.11 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to have Jenkins connect to an attacker-specified URL, capturing a newly generated JCLI token that allows impersonating the victim.
Packages
Name: io.jenkins.plugins:pipeline-restful-api (maven)
Affected versions: <= 0.11
Fixed version: None
Related vulnerabilities
CVSS3: 8.8
nvd
more than 2 years ago
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token.