PT-2023-27395 · Jenkins · Jenkins Folders Plugin+1

Kevin Guerroudj · Published 2023-08-16 · Updated 2023-08-22 · CVE-2023-40337

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins Folders Plugin versions 6.846.v23698686f0f6 and earlier

Description

A cross-site request forgery (CSRF) vulnerability allows attackers to copy a view inside a folder. This issue arises because the plugin does not require POST requests for an affected HTTP endpoint, making it vulnerable to CSRF attacks.

Recommendations

For Jenkins Folders Plugin versions 6.846.v23698686f0f6 and earlier, update to version 6.848.ve3b fd7839 81 or later, which requires POST requests for the affected HTTP endpoint, thereby mitigating the CSRF vulnerability.
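
A check for the affected range stated above, as an added example that is not part of the original advisory: it reads plugins.txt-style `name:version` lines and flags Folders Plugin entries at or below 6.846.v23698686f0f6. The short name `cloudbees-folder` and the sample inventory are assumptions that do not appear on the page.

```python
PLUGIN = "cloudbees-folder"            # assumed short name of the Folders Plugin
LAST_AFFECTED = "6.846.v23698686f0f6"  # last affected version per the advisory


def numeric_key(version):
    """Leading numeric components: '6.846.v23698686f0f6' -> (6, 846)."""
    parts = []
    for piece in version.strip().split("."):
        if not piece.isdigit():
            break  # stop at the '.v<hash>' suffix
        parts.append(int(piece))
    if not parts:
        raise ValueError(f"no numeric prefix in {version!r}")
    return tuple(parts)


def is_affected(version):
    """True if version is LAST_AFFECTED or earlier."""
    a, b = numeric_key(version), numeric_key(LAST_AFFECTED)
    width = max(len(a), len(b))
    pad = lambda k: k + (0,) * (width - len(k))
    # Same numeric prefix with a different hash is treated as affected.
    return pad(a) <= pad(b)


def check_inventory(text):
    """Return (version, verdict) for each Folders Plugin line."""
    results = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or ":" not in line:
            continue
        name, version = (f.strip() for f in line.split(":", 1))
        if name != PLUGIN:
            continue
        try:
            verdict = "affected" if is_affected(version) else "not affected"
        except ValueError:
            verdict = "unknown"  # e.g. 'latest'; needs manual review
        results.append((version, verdict))
    return results


# Constructed sample inventory (not from the page).
SAMPLE = """\
# controller plugin list
example-plugin:1.0
cloudbees-folder:6.846.v23698686f0f6
cloudbees-folder:6.17
cloudbees-folder:6.900.vCONSTRUCTED
cloudbees-folder:latest
"""

if __name__ == "__main__":
    for version, verdict in check_inventory(SAMPLE):
        print(f"{PLUGIN} {version}: {verdict}")
```

Entries reported as `unknown` are unpinned or unparsable versions and need to be resolved against the running controller before they can be cleared.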

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2023-40337
GHSA-22C3-WHJV-HRFM
RHSA-2024:0777
RHSA-2024:0778

Affected Products

Jenkins
Jenkins Folders Plugin