WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-35141 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

Remediation

References

https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135

http://www.openwall.com/lists/oss-security/2023/06/14/5

Related Vulnerabilities

CVE-2012-2378 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security

CVE-2022-21667 Vulnerability in npm package @soketi/soketi

CVE-2017-7672 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2021-35515 Vulnerability in maven package org.apache.commons:commons-compress

CVE-2021-36749 Vulnerability in maven package org.apache.druid:druid-core

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Mailing List Third Party Advisory