Описание
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer permission for the affected form validation method.
Пакеты
Наименование
io.jenkins.plugins:cavisson-ns-nd-integration
maven
Затронутые версииВерсия исправления
<= 4.8.0.129
4.8.0.130
Связанные уязвимости
CVSS3: 8.8
nvd
больше 3 лет назад
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials.