Description
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/12/17/1
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681
Related Vulnerabilities
CVE-2022-25962 Vulnerability in npm package vagrant.js
CVE-2021-21364 Vulnerability in maven package io.swagger:swagger-codegen
CVE-2020-21125 Vulnerability in maven package com.bstek.ureport:ureport2-console
CVE-2022-0436 Vulnerability in maven package org.webjars.npm:grunt
CVE-2022-42004 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind