Description

A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

Remediation

References

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-979

Related Vulnerabilities

CVE-2017-2582 Vulnerability in maven package org.keycloak:keycloak-saml-core

CVE-2017-1000404 Vulnerability in maven package se.diabol.jenkins.pipeline:delivery-pipeline-plugin

CVE-2016-10640 Vulnerability in npm package node-thulac

CVE-2016-10630 Vulnerability in npm package install-g-test

CVE-2020-8268 Vulnerability in npm package json8-merge-patch

Severity

High

Classification

CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Third Party Advisory Vendor Advisory