Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-mqj3-fc39-73fj

Опубликовано: 24 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 6.5

Описание

Cross-site request forgery vulnerability in Jenkins Artifactory Plugin

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:artifactory

maven
Затронутые версииВерсия исправления

<= 3.2.2

3.2.3

EPSS

Процентиль: 33%
0.00133
Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2019-10324

Дефекты

CWE-352

Связанные уязвимости

nvd логотип

CVE-2019-10324

CVSS3: 6.5
nvd
больше 6 лет назад

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively.

EPSS

Процентиль: 33%
0.00133
Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2019-10324

Дефекты

CWE-352