CVE-2023-33004

Name of the Vulnerable Software and Affected Versions Jenkins Tag Profiler Plugin versions 0.2 and earlier

Description A missing permission check in the Jenkins Tag Profiler Plugin allows attackers with Overall/Read permission to reset profiler statistics. This issue also results in a cross-site request forgery (CSRF) vulnerability because the affected HTTP endpoint does not require POST requests.

Recommendations For Jenkins Tag Profiler Plugin versions 0.2 and earlier, as a temporary workaround, consider restricting access to the vulnerable HTTP endpoint until a patch is available. Additionally, restrict the use of the Overall/Read permission to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.