PT-2023-19612 · Jenkins · Jenkins Testquality Updater Plugin+1

Kevin Guerroudj

Published

2023-01-24

Updated

2023-02-02

CVE-2023-24452

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins TestQuality Updater Plugin versions 1.3 and earlier

Description A cross-site request forgery (CSRF) issue allows attackers to connect to an attacker-specified URL using attacker-specified username and password. This enables attackers to perform unauthorized actions.

Recommendations For Jenkins TestQuality Updater Plugin versions 1.3 and earlier, update to a version later than 1.3 to resolve the issue. As a temporary workaround, consider restricting access to the plugin to minimize the risk of exploitation.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2023-24452

GHSA-PX2F-CQRF-F2QG

Affected Products

Jenkins

Jenkins Testquality Updater Plugin

PT-2023-19612 · Jenkins · Jenkins Testquality Updater Plugin+1

CVE-2023-24452

Weakness Enumeration

Related Identifiers

Affected Products

References · 5