Описание
CSRF vulnerability in MongoDB Plugin
Jenkins MongoDB Plugin 1.3 and earlier does not perform permission checks in methods implementing form validation.
This allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
Additionally, these form validation methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.
As of publication of this advisory, there is no fix.
Пакеты
Наименование
org.jenkins-ci.plugins:mongodb
maven
Затронутые версииВерсия исправления
<= 1.3
Отсутствует
Связанные уязвимости
CVSS3: 8.8
nvd
больше 5 лет назад
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.