Description

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/16/3

https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1904

Related Vulnerabilities

CVE-2022-45935 Vulnerability in maven package org.apache.james:apache-james-mailbox-store

CVE-2019-15607 Vulnerability in npm package node-red

CVE-2019-8331 Vulnerability in maven package org.webjars.bower:bootstrap

CVE-2019-1003095 Vulnerability in maven package org.jenkins-ci.plugins:perfectomobile

CVE-2022-45690 Vulnerability in maven package cn.hutool:hutool-json

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory