PT-2026-55157 · Maven · Org.Jenkins-Ci.Plugins:Github-Integration-Parent
Published
2026-05-27
·
Updated
2026-05-27
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Jenkins GitHub Integration Plugin 0.7.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to trigger a build for a pull request.
GitHub Integration Plugin 0.7.4 requires POST requests for the affected HTTP endpoint.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Org.Jenkins-Ci.Plugins:Github-Integration-Parent