CVE-2017-1000093

Name of the Vulnerable Software and Affected Versions Jenkins Poll SCM Plugin (affected versions not specified)

Description The issue allows attackers to initiate polling of projects with a known name due to the plugin not requiring requests to its API to be sent via POST, making it vulnerable to Cross-Site Request Forgery attacks. This undermines the permission added by the plugin to use this functionality.

Recommendations For the Jenkins Poll SCM Plugin, ensure that requests to its API are sent via POST to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the plugin's API until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.