CVE-2023-3414

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Plug-in for ServiceNow DevOps versions prior to 1.38.1

Description A cross-site request forgery issue exists that could cause the unwanted exposure of sensitive information if exploited successfully.

Recommendations For versions prior to 1.38.1, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.

Fix

CSRF

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352CWE-200

Related Identifiers

CVE-2023-3414

GHSA-RCHX-RVH2-VX5J

Affected Products

Jenkins

Jenkins Plug-In For Servicenow Devops

CVE-2023-3414

Weakness Enumeration

Related Identifiers

Affected Products

References · 9