Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/08/12/4
https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20%282%29
Related Vulnerabilities
CVE-2016-9879 Vulnerability in maven package org.springframework.security:spring-security-web
CVE-2019-14893 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2019-12418 Vulnerability in maven package org.apache.tomcat:tomcat-catalina-jmx-remote
CVE-2019-10468 Vulnerability in maven package com.elasticbox.jenkins-ci.plugins:kubernetes-ci
CVE-2018-1000613 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on