PT-2018-9205 · Jenkins · Jenkins Translation Assistance Plugin

Oleg Nenashev · Published 2018-01-23 · Updated 2022-05-14 · CVE-2018-1000014

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Jenkins Translation Assistance Plugin versions 1.15 and earlier
Description: A CSRF vulnerability, caused by the plugin not requiring form submissions to be sent via POST, allows attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
Recommendations: Update Jenkins Translation Assistance Plugin from versions 1.15 and earlier to a version that requires form submissions to be sent via POST, which mitigates the risk of CSRF attacks.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2018-1000014
GHSA-PWVJ-6PHX-QV8C

Affected Products

Jenkins
Jenkins Translation Assistance Plugin