CVE-2023-37959

Name of the Vulnerable Software and Affected Versions Jenkins Sumologic Publisher Plugin versions 2.2.1 and earlier

Description A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL. This issue also results in a cross-site request forgery (CSRF) vulnerability, as the form validation method does not require POST requests.

Recommendations For Jenkins Sumologic Publisher Plugin versions 2.2.1 and earlier, consider disabling the plugin until a patch is available to prevent attackers from connecting to an attacker-specified URL. Restrict access to the plugin's form validation method to minimize the risk of exploitation. Avoid using the plugin with Overall/Read permission until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.