Description

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/16/3

https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1904

Related Vulnerabilities

CVE-2022-29161 Vulnerability in maven package org.xwiki.platform:xwiki-platform-crypto

CVE-2020-28282 Vulnerability in npm package getobject

CVE-2020-9498 Vulnerability in maven package org.apache.guacamole:guacamole

CVE-2023-25805 Vulnerability in npm package versionn

CVE-2019-1003029 Vulnerability in maven package org.jenkins-ci.plugins:script-security

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory