Description
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%281%29
Related Vulnerabilities
CVE-2020-2268 Vulnerability in maven package org.jenkins-ci.plugins:mongodb
CVE-2019-10315 Vulnerability in maven package org.jenkins-ci.plugins:github-oauth
CVE-2022-41227 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration
CVE-2023-49396 Vulnerability in maven package com.jfinal:jfinal
CVE-2023-3414 Vulnerability in maven package io.jenkins.plugins:servicenow-devops