Description
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/12/17/1
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681