Description
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.
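The mechanism above, as an added illustration in JavaScript (this is not Jenkins code and not taken from the advisory): a context-menu loader that splices a user-controlled path segment into the URL it will POST to, beside a hardened version that percent-encodes the segment and then checks that the resolved URL still lies under the expected prefix. The root URL, the /job/<name>/contextMenu layout and the function names are assumptions made for the example.

```javascript
// Added illustration, not Jenkins code: how an unescaped user-provided value
// inside a context-menu URL redirects the POST, and how escaping plus a
// prefix check contains it. The base URL and path layout are assumptions.
const BASE = "https://ci.example.test/"; // assumed Jenkins root URL (hypothetical)

// Vulnerable: the caller-supplied name is concatenated raw. A value containing
// "..", "/", "?" or "#" rewrites the path or query the browser will POST to.
function contextMenuUrlVulnerable(jobName) {
  return BASE + "job/" + jobName + "/contextMenu";
}

// Where the browser actually sends the request once dot segments are resolved.
function resolvedTarget(rawUrl) {
  return new URL(rawUrl).href;
}

// Does a URL still sit under the intended context-menu location?
function staysUnderJobPrefix(href) {
  const u = new URL(href);
  return href.startsWith(BASE + "job/") && u.pathname.endsWith("/contextMenu");
}

// Hardened: percent-encode the segment so it cannot carry path or query
// delimiters, then confirm the resolved URL is still under the prefix. The
// second check matters because encodeURIComponent leaves "." and ".." alone,
// so a bare ".." would otherwise climb out of /job/ unnoticed.
function contextMenuUrlHardened(jobName) {
  const url = new URL("job/" + encodeURIComponent(jobName) + "/contextMenu", BASE);
  if (!staysUnderJobPrefix(url.href)) {
    throw new Error("context-menu URL escaped the expected prefix: " + url.href);
  }
  return url.href;
}

// Demonstration on constructed input: a name that walks out of /job/.
const hostile = "../../other/endpoint";
console.log(resolvedTarget(contextMenuUrlVulnerable(hostile)));
// -> https://ci.example.test/other/endpoint/contextMenu
console.log(contextMenuUrlHardened(hostile));
// -> https://ci.example.test/job/..%2F..%2Fother%2Fendpoint/contextMenu
```

The vulnerable builder sends the POST to a path the page author never intended as soon as the attacker controls the name; the hardened one keeps the name inside a single path segment and refuses anything that still resolves elsewhere.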
References
- Mailing List, Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: Jenkins versions before 2.400 (exclusive); Jenkins LTS versions before 2.401.1 (exclusive)
One of
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
EPSS: 0.00092 (percentile 26%, Low)
CVSS3: 8 High
Weaknesses: CWE-352
Related vulnerabilities
- redhat: CVSS3 8, more than 2 years ago. Description identical to the one above.
- debian: CVSS3 8, more than 2 years ago. "In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests a ..."