Описание
CSRF vulnerability in Jenkins Build With Parameters Plugin
Jenkins Build With Parameters Plugin 1.5 and earlier does not require POST requests for its form submission endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to build a project with attacker-specified parameters. Build With Parameters Plugin 1.5.1 requires POST requests for the affected HTTP endpoint.
Пакеты
Наименование
org.jenkins-ci.plugins:build-with-parameters
maven
Затронутые версииВерсия исправления
<= 1.5
1.5.1
Связанные уязвимости
CVSS3: 8.8
nvd
почти 5 лет назад
A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters.