Description
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/12/17/1
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681
Related Vulnerabilities
CVE-2021-30181 Vulnerability in maven package org.apache.dubbo:dubbo
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-jms-processors
CVE-2020-7602 Vulnerability in npm package node-prompt-here
CVE-2023-25570 Vulnerability in maven package com.ctrip.framework.apollo:apollo
CVE-2019-0193 Vulnerability in maven package org.apache.solr:solr-core