Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options.
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2051