Description
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%281%29
Related Vulnerabilities
CVE-2014-0120 Vulnerability in maven package io.hawt:hawtio-karaf-terminal
CVE-2021-42228 Vulnerability in npm package kindeditor
CVE-2023-32998 Vulnerability in maven package com.rapid7:jenkinsci-appspider-plugin
CVE-2023-24432 Vulnerability in maven package io.jenkins.plugins:macstadium-orka
CVE-2023-37957 Vulnerability in maven package io.jenkins.plugins:pipeline-restful-api