Описание
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not require POST requests for a connection test method, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Jenkins Xray - Test Management for Jira Plugin 2.4.1 requires POST requests for the affected connection test method.
Пакеты
org.jenkins-ci.plugins:xray-connector
< 2.4.1
2.4.1
Связанные уязвимости
A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.