CVE-2025-24402

Name of the Vulnerable Software and Affected Versions Jenkins Azure Service Fabric Plugin versions 1.6 and earlier

Description A Cross-Site Request Forgery (CSRF) issue allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs obtained through another method. This enables attackers to potentially access sensitive information or perform unauthorized actions.

Recommendations For Jenkins Azure Service Fabric Plugin versions 1.6 and earlier, consider disabling the plugin until a patch is available to prevent exploitation of the CSRF vulnerability. Restrict access to the Service Fabric URL to minimize the risk of unauthorized connections. Avoid using attacker-specified credentials IDs in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.