GHSA-q564-vvx8-9388

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

CSRF vulnerability in Jenkins warnings Plugin allows remote code execution

warnings Plugin 5.0.1 and earlier does not require POST requests for a form validation method intended for testing custom warnings parsers, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to execute arbitrary code.

warnings Plugin 5.0.2 requires POST requests for the affected form validation method.

This vulnerability was caused by an incomplete fix to SECURITY-1295.

Ссылки

Пакеты

Наименование

org.jvnet.hudson.plugins:warnings

maven

Затронутые версииВерсия исправления

<= 5.0.1

5.0.2

EPSS

Процентиль: 35%

0.00145

Низкий

8.8 High

CVSS3

CVE ID

CVE-2020-2280

Дефекты

CWE-352

Связанные уязвимости

CVE-2020-2280

CVSS3: 8.8

nvd

больше 5 лет назад

A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.

EPSS

Процентиль: 35%

0.00145

Низкий

8.8 High

CVSS3

CVE ID

CVE-2020-2280

Дефекты

CWE-352