PT-2023-27394 · Jenkins · Jenkins Folders Plugin

Kevin Guerroudj · Published 2023-08-16 · Updated 2023-08-22 · CVE-2023-40336

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jenkins Folders Plugin versions 6.846.v23698686f0f6 and earlier

Description: A cross-site request forgery (CSRF) vulnerability allows attackers to copy folders, which can lead to the automatic approval of unsandboxed scripts and the execution of unsafe scripts. The issue exists because the plugin does not require POST requests for a specific HTTP endpoint, so the state-changing action can be triggered by a plain GET that bypasses the CSRF crumb check.

Recommendations: For versions 6.846.v23698686f0f6 and earlier, update to version 6.848.ve3b_fd7839a_81 or later, which requires POST requests for the affected HTTP endpoint and thereby mitigates the CSRF vulnerability.
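As an added illustration of the class of fix the recommendation describes (example code written for this page, not the Folders Plugin's own source and not taken from the advisory; the class and method names are hypothetical), a Jenkins Stapler web method before and after it is made to require POST:

```java
// Added example, not the Folders Plugin's code. Shows why a "do*" web method
// that mutates state must be restricted to POST in a Jenkins plugin.
import hudson.model.Item;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

public class CopyEndpointExample {

    // Vulnerable pattern: Stapler routes any HTTP method to a do* method, so a
    // plain GET to .../copyFolder?name=... performs the copy. Jenkins' crumb
    // (CSRF token) check only covers POST, and a permission check does not
    // help because the victim's browser sends the victim's own session.
    public static class Before {
        public HttpResponse doCopyFolder(@QueryParameter String name) {
            Jenkins.get().checkPermission(Item.CREATE);
            performCopy(name);
            return HttpResponses.ok();
        }
    }

    // Hardened pattern: @RequirePOST makes Stapler reject any non-POST request
    // before the method body runs. The remaining POST path is covered by the
    // crumb issuer, so a cross-site submission without a valid crumb is refused.
    public static class After {
        @RequirePOST
        public HttpResponse doCopyFolder(@QueryParameter String name) {
            Jenkins.get().checkPermission(Item.CREATE);
            performCopy(name);
            return HttpResponses.ok();
        }
    }

    // Hypothetical placeholder for the state-changing operation.
    static void performCopy(String name) {
        // copy the folder identified by `name`
    }
}
```

When auditing a plugin for this defect, list every `do*` method that changes state and confirm each carries `@RequirePOST` (or an equivalent method restriction); Jenkins' own security advisory for this issue is the authoritative reference for the affected endpoint.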

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2023-40336
GHSA-4VQP-PCM3-73XP
RHSA-2024:0777

Affected Products

Jenkins
Jenkins Folders Plugin