Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.
A flaw was found in the Jenkins subversion plugin. The Jenkins subversion plugin allows attackers to connect to an attacker-specified URL. This flaw allows attackers to trick the user into visiting their website that contains a malicious script, allowing submission to the server on behalf of the user.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Out of support scope | | |
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Affected | | |
Additional information
Status:
Moderate
Defect:
CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=2074886 subversion: CSRF vulnerability in Jenkins Subversion Plugin
4.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 4.3
nvd
almost 4 years ago
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.
CVSS3: 4.3
github
almost 4 years ago
CSRF vulnerability in Jenkins Subversion Plugin