CVE-2023-37958

Name of the Vulnerable Software and Affected Versions Jenkins Sumologic Publisher Plugin versions 2.2.1 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL. The issue arises from a lack of permission check in a method implementing form validation, which can be exploited by attackers with Overall/Read permission. Furthermore, the form validation method does not require POST requests, contributing to the CSRF vulnerability.

Recommendations For Jenkins Sumologic Publisher Plugin versions 2.2.1 and earlier, consider disabling the form validation method until a patch is available to prevent exploitation. Restrict access to the plugin to minimize the risk of attackers connecting to attacker-specified URLs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.