Description

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/16/3

https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1904

Related Vulnerabilities

CVE-2023-40340 Vulnerability in maven package org.jenkins-ci.plugins:nodejs

CVE-2019-16728 Vulnerability in maven package org.webjars.npm:dompurify

CVE-2019-19771 Vulnerability in npm package ecuvre

CVE-2021-32796 Vulnerability in npm package xmldom

CVE-2023-34189 Vulnerability in maven package org.apache.inlong:manager-web

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory