Description
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.
Remediation
References
https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095
https://access.redhat.com/errata/RHBA-2019:0326
https://access.redhat.com/errata/RHBA-2019:0327