CVE-2023-37954

Name of the Vulnerable Software and Affected Versions Jenkins Rebuilder Plugin versions 320.v5a 0933a e7d61 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to rebuild a previous build. This issue arises because the plugin does not require POST requests for an HTTP endpoint, making it vulnerable to CSRF attacks.

Recommendations For Jenkins Rebuilder Plugin versions 320.v5a 0933a e7d61 and earlier, consider disabling the rebuild functionality until a patch is available to prevent exploitation of the CSRF vulnerability. Restrict access to the affected HTTP endpoint to minimize the risk of rebuilding previous builds. At the moment, there is no information about a newer version that contains a fix for this vulnerability.