Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.
A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint, which allows attackers to delete configuration files corresponding to an attacker-specified ID.
Additional information
Status:
EPSS
6.3 Medium
CVSS3
Related vulnerabilities
A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.
CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files
EPSS
6.3 Medium
CVSS3