Описание
Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery
Jenkins Assembla Auth Plugin 1.14 and earlier does not implement a state parameter in its OAuth flow, a unique and non-guessable value associated with each authentication request.
This vulnerability allows attackers to trick users into logging in to the attacker’s account.
Пакеты
Наименование
org.jenkins-ci.plugins:assembla-auth
maven
Затронутые версииВерсия исправления
<= 1.14
Отсутствует
Связанные уязвимости
CVSS3: 8.8
nvd
больше 2 лет назад
A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account.