Description

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/16/3

https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1904

Related Vulnerabilities

CVE-2019-18797 Vulnerability in maven package org.webjars.npm:node-sass

CVE-2020-10591 Vulnerability in maven package com.walmartlabs.concord.server:concord-server-impl

CVE-2021-32662 Vulnerability in npm package techdocs-common

CVE-2019-16566 Vulnerability in maven package org.jenkins-ci.plugins:teamconcert

CVE-2020-7712 Vulnerability in maven package org.webjars.npm:json

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory