Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
A cross-site request forgery (CSRF) vulnerability was found in the Jenkins Mailer plugin. The form validation method does not require POST requests.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins | Affected | | |
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | jenkins | Affected | | |
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Affected | | |
Additional information
Status:
Moderate
Defect:
CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=2044487 jenkins-2-plugins/mailer: form validation method does not require POST requests which could lead to CSRF
4.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 4.3
nvd
about 4 years ago
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
CVSS3: 4.3
github
about 4 years ago
Cross-Site Request Forgery in Jenkins Mailer Plugin