PT-2018-9204 · Jenkins · Jenkins Release Plugin+1

Jesse Glick

·

Publicado

2018-01-23

·

Atualizado

2022-05-14

·

CVE-2018-1000013

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jenkins Release Plugin versions 2.9 and earlier
Description: The issue allows attackers to trigger release builds due to a CSRF vulnerability. This is because form submissions are not required to be submitted via POST.
Recommendations: For Jenkins Release Plugin versions 2.9 and earlier, consider requiring form submissions to be submitted via POST to mitigate the risk of CSRF attacks.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2018-1000013
GHSA-J2H6-J34W-G5VP

Produtos afetados

Jenkins
Jenkins Release Plugin