PT-2018-9204 · Jenkins · Jenkins Release Plugin+1

Jesse Glick

Published

2018-01-23

Updated

2022-05-14

CVE-2018-1000013

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Jenkins Release Plugin versions 2.9 and earlier

Description: The issue allows attackers to trigger release builds due to a CSRF vulnerability. This is because form submissions are not required to be submitted via POST.

Recommendations: For Jenkins Release Plugin versions 2.9 and earlier, consider requiring form submissions to be submitted via POST to mitigate the risk of CSRF attacks.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2018-1000013

GHSA-J2H6-J34W-G5VP

Affected Products

Jenkins

Jenkins Release Plugin

PT-2018-9204 · Jenkins · Jenkins Release Plugin+1

CVE-2018-1000013

Weakness Enumeration

Related Identifiers

Affected Products

References · 5