Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Remediation
References
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2772%20%282%29
Related Vulnerabilities
CVE-2021-3637 Vulnerability in maven package org.keycloak:keycloak-model-infinispan
CVE-2018-1000602 Vulnerability in maven package org.jenkins-ci.plugins:saml
CVE-2023-32313 Vulnerability in maven package org.webjars.npm:vm2
CVE-2023-37476 Vulnerability in maven package org.openrefine:main
CVE-2019-1003065 Vulnerability in maven package org.jenkins-ci.plugins:cloudshare-docker