Description
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Remediation
References
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20%282%29
Related Vulnerabilities
CVE-2023-24441 Vulnerability in maven package org.jvnet.hudson.plugins:mstest
CVE-2022-43419 Vulnerability in maven package org.jenkins-ci.plugins:katalon
CVE-2023-29526 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-async-api
CVE-2018-1999035 Vulnerability in maven package com.inedo.buildmaster:inedo-buildmaster
CVE-2011-4838 Vulnerability in maven package org.jruby:jruby-core