Описание
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.15 (включая)
cpe:2.3:a:jenkins:translation_assistance:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 18%
0.00059
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
CSRF vulnerability in Jenkins Translation Assistance plugin
EPSS
Процентиль: 18%
0.00059
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352