Количество 2
Количество 2
CVE-2017-1000389
Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability.
GHSA-gw8g-hh47-q4gw
Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-1000389 Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability. | CVSS3: 6.1 | 0% Низкий | около 8 лет назад |
| GHSA-gw8g-hh47-q4gw Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу