Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL.

Remediation

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2240

Related Vulnerabilities

CVE-2023-22899 Vulnerability in maven package net.lingala.zip4j:zip4j

CVE-2020-2286 Vulnerability in maven package org.jenkins-ci.plugins:role-strategy

CVE-2021-22113 Vulnerability in maven package org.springframework.cloud:spring-cloud-netflix-zuul

CVE-2019-10247 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2014-3665 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Vendor Advisory