Description

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/16/3

https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1904

Related Vulnerabilities

CVE-2019-10359 Vulnerability in maven package org.jenkins-ci.plugins.m2release:m2release

CVE-2020-6463 Vulnerability in npm package electron

CVE-2020-11023 Vulnerability in maven package org.fujion.webjars:jquery

CVE-2016-5019 Vulnerability in maven package org.apache.myfaces.trinidad:trinidad-impl

CVE-2020-7712 Vulnerability in maven package org.webjars.npm:json

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory