Description

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/12/17/1

https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681

Related Vulnerabilities

CVE-2023-44487 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2021-23448 Vulnerability in npm package config-handler

CVE-2017-1000421 Vulnerability in maven package org.webjars:gifsicle

CVE-2019-15599 Vulnerability in npm package tree-kill

CVE-2022-35980 Vulnerability in maven package org.opensearch.plugin:opensearch-security

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory