CVE-2023-33003

Name of the Vulnerable Software and Affected Versions Jenkins Tag Profiler Plugin versions 0.2 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to reset profiler statistics. The issue arises because the plugin does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to exploit this vulnerability. Furthermore, the HTTP endpoint does not require POST requests, contributing to the CSRF vulnerability.

Recommendations For Jenkins Tag Profiler Plugin versions 0.2 and earlier, as a temporary workaround, consider restricting access to the vulnerable HTTP endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.