PT-2020-5832 · Jenkins · Jenkins Flaky Test Handler Plugin
Wadeck Follonier · Published 2020-08-12 · Updated 2023-10-25 · CVE-2020-2237
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
Jenkins Flaky Test Handler Plugin versions 1.0.4 and earlier
Description:
A cross-site request forgery (CSRF) vulnerability exists in the "Deflake this build" feature of the Jenkins Flaky Test Handler Plugin. Because the endpoint accepts requests that do not require Jenkins' CSRF protection, a remote attacker who lures an authenticated user into sending a crafted request can trigger the feature with that user's session and rebuild a project at a previous git revision where the tests were failing.
Recommendations:
For Jenkins Flaky Test Handler Plugin versions 1.0.4 and earlier, the "Deflake this build" feature should be changed to require POST requests, so that Jenkins' CSRF protection applies to it.
As a temporary workaround until a fixed version is installed, restrict access to the "Deflake this build" feature, or avoid using it in the affected plugin altogether.
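The recommended fix, shown as an added example that is not the plugin's own code (the class name DeflakeAction and the method doDeflake are assumptions): a Jenkins build action whose Stapler endpoint is annotated with @RequirePOST, so that GET requests are rejected and Jenkins' crumb-based CSRF check covers the POST.

```java
// Added illustration, not the Flaky Test Handler Plugin's code.
// DeflakeAction / doDeflake are hypothetical names for the "Deflake this build" endpoint.
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.Action;
import hudson.model.Cause;
import hudson.model.CauseAction;
import hudson.model.Item;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.interceptor.RequirePOST;

public class DeflakeAction implements Action {
    private final AbstractBuild<?, ?> build;

    public DeflakeAction(AbstractBuild<?, ?> build) {
        this.build = build;
    }

    // Vulnerable shape (before the fix): a plain Stapler "do" method with no
    // @RequirePOST is reachable via GET, so a link or image tag loaded in a
    // logged-in user's browser triggers the rebuild with that user's session.
    //
    //   public HttpResponse doDeflake() { ... }

    // Fixed shape: @RequirePOST makes Stapler answer anything but POST with an
    // error, and Jenkins' default CSRF protection requires a valid crumb on POST.
    @RequirePOST
    public HttpResponse doDeflake() {
        AbstractProject<?, ?> project = build.getProject();
        // CSRF protection is not authorization: still enforce the Build permission.
        project.checkPermission(Item.BUILD);
        project.scheduleBuild2(0, new CauseAction(new Cause.UserIdCause()));
        return HttpResponses.redirectTo("..");
    }

    @Override public String getIconFileName() { return null; } // no sidebar link
    @Override public String getDisplayName() { return "Deflake this build"; }
    @Override public String getUrlName() { return "deflake"; }
}
```

Any UI that calls the endpoint must then submit a form (POST) rather than a plain link, otherwise the feature stops working after the change.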
Tags: Fix, CSRF
Affected Products
Jenkins
Jenkins Flaky Test Handler Plugin