Описание
CSRF vulnerability in Config File Provider Plugin
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions.
Пакеты
Наименование
org.jenkins-ci.plugins:config-file-provider
maven
Затронутые версииВерсия исправления
<= 3.1
3.2
Связанные уязвимости
CVSS3: 8.1
nvd
около 7 лет назад
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions.