Description
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat OpenShift Container Platform 3.10 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 3.2 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 3.3 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 3.4 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 3.5 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 3.6 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 3.7 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 3.9 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Not affected | | |
Red Hat OpenShift Container Platform 3.11 | atomic-enterprise-service-catalog | Fixed | RHBA-2019:0326 | 20.02.2019 |
Additional information
Status:
Low
Defect:
CWE-96
https://bugzilla.redhat.com/show_bug.cgi?id=1670292
jenkins-plugin-git: CSRF vulnerability in Git Plugin (SECURITY-1095)
EPSS
Percentile: 71%
0.0069
Low
4.6 Medium
CVSS3
Related vulnerabilities
CVSS3: 4.3
nvd
more than 6 years ago
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.
CVSS3: 4.3
github
more than 3 years ago
Cross-Site Request Forgery in Jenkins Git Plugin