PT-2023-19597 · Jenkins · Jenkins Jira Pipeline Steps Plugin+1
Published
2023-01-24
·
Updated
2023-02-02
·
CVE-2023-24437
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Jenkins JIRA Pipeline Steps Plugin versions 2.0.165.v8846cf59f3db and earlier
Description
A cross-site request forgery (CSRF) issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing credentials stored in Jenkins.
Recommendations
For Jenkins JIRA Pipeline Steps Plugin versions 2.0.165.v8846cf59f3db and earlier, update to a version later than 2.0.165.v8846cf59f3db to resolve the issue.
As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Jira Pipeline Steps Plugin