Description

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/16/3

https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1904

Related Vulnerabilities

CVE-2021-30109 Vulnerability in npm package froala-editor

CVE-2020-11972 Vulnerability in maven package org.apache.camel:camel-rabbitmq

CVE-2022-36891 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework

CVE-2022-31367 Vulnerability in npm package strapi-plugin-content-type-builder

CVE-2022-34916 Vulnerability in maven package org.apache.flume.flume-ng-sources:flume-jms-source

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory