Описание
CSRF vulnerability in Jenkins Fortify on Demand Plugin
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
This form validation method requires appropriate permission in Fortify on Demand Plugin 6.0.0.
Пакеты
Наименование
org.jenkins-ci.plugins:fortify-on-demand-uploader
maven
Затронутые версииВерсия исправления
<= 5.0.1
6.0.0
Связанные уязвимости
CVSS3: 4.3
nvd
больше 5 лет назад
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.