Description

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.

Remediation

References

https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681

http://www.openwall.com/lists/oss-security/2019/12/17/1

Related Vulnerabilities

CVE-2021-32621 Vulnerability in maven package org.xwiki.platform:xwiki-platform-dashboard-macro

CVE-2022-31147 Vulnerability in maven package org.webjars.npm:jquery-validation

CVE-2014-7193 Vulnerability in npm package crumb

CVE-2019-1003022 Vulnerability in maven package org.jvnet.hudson.plugins:monitoring

CVE-2023-26109 Vulnerability in npm package node-bluetooth-serial-port

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Mailing List Third Party Advisory