Описание
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Will not fix | ||
| Red Hat OpenShift Container Platform 4.10 | jenkins-2-plugins | Fixed | RHSA-2023:0560 | 08.02.2023 |
| Red Hat OpenShift Container Platform 4.8 | jenkins-2-plugins | Fixed | RHSA-2023:0017 | 12.01.2023 |
| Red Hat OpenShift Container Platform 4.9 | jenkins-2-plugins | Fixed | RHSA-2023:0777 | 23.02.2023 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=2119643plugin: CSRF vulnerability in Script Security Plugin
4.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 4.3
nvd
больше 3 лет назад
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.
CVSS3: 4.3
github
больше 3 лет назад
CSRF vulnerability in Jenkins Script Security Plugin
4.3 Medium
CVSS3