Description
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/12/17/1
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681