Description

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/06/14/5

https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135

Related Vulnerabilities

CVE-2017-12629 Vulnerability in maven package org.apache.lucene:lucene-queryparser

CVE-2019-17573 Vulnerability in maven package org.apache.cxf:cxf-bundle

CVE-2020-13957 Vulnerability in maven package org.apache.solr:solr-solrj

CVE-2021-21266 Vulnerability in maven package org.openhab.addons.bundles:org.openhab.binding.samsungtv

CVE-2022-24913 Vulnerability in maven package com.fasterxml.util:java-merge-sort

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory