Description

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/06/14/5

https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135

Related Vulnerabilities

CVE-2020-7699 Vulnerability in npm package express-fileupload

CVE-2018-13339 Vulnerability in npm package angular-redactor

CVE-2018-15494 Vulnerability in npm package dojox

CVE-2023-35148 Vulnerability in maven package org.jenkins-ci.plugins:ease-plugin

CVE-2019-17572 Vulnerability in maven package org.apache.rocketmq:rocketmq-broker

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory