CVE-2023-30529

Name of the Vulnerable Software and Affected Versions Jenkins Lucene-Search Plugin versions 387.v938a ecb f7fe9 and earlier

Description The issue allows attackers to reindex the database due to the lack of requirement for POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This enables attackers to perform unauthorized actions.

Recommendations For versions 387.v938a ecb f7fe9 and earlier, consider disabling access to the affected HTTP endpoint until a patch is available. Restrict access to the database reindexing functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.