Description

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/16/3

https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1904

Related Vulnerabilities

CVE-2019-10373 Vulnerability in maven package org.jenkins-ci.plugins:build-pipeline-plugin

CVE-2020-2210 Vulnerability in maven package org.jenkins-ci.plugins:stashbranchparameter

CVE-2022-41253 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt

CVE-2021-21353 Vulnerability in maven package org.webjars.npm:pug-code-gen

CVE-2021-23543 Vulnerability in npm package realms-shim

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory