Description
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents.
Remediation
References
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681
http://www.openwall.com/lists/oss-security/2019/12/17/1
Related Vulnerabilities
CVE-2023-32999 Vulnerability in maven package com.rapid7:jenkinsci-appspider-plugin
CVE-2018-10899 Vulnerability in maven package org.jolokia:jolokia-core
CVE-2018-1000014 Vulnerability in maven package org.jenkins-ci.plugins:translation
CVE-2022-22965 Vulnerability in maven package org.springframework:spring-beans
CVE-2022-44729 Vulnerability in maven package org.apache.xmlgraphics:batik-bridge