Описание
A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.
A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin are vulnerable to cross-site request forgery caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to make another user stop watching an attacker-specified job. An attacker can perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.
Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability
EPSS
4.3 Medium
CVSS3