Описание
CSRF vulnerability in Jenkins Translation Assistance plugin
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
Пакеты
Наименование
org.jenkins-ci.plugins:translation
maven
Затронутые версииВерсия исправления
<= 1.15
1.16
Связанные уязвимости
CVSS3: 8.8
nvd
около 8 лет назад
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.