Description
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/06/14/5
https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135
Related Vulnerabilities
CVE-2020-15170 Vulnerability in maven package com.ctrip.framework.apollo:apollo-adminservice
CVE-2021-39231 Vulnerability in maven package org.apache.ozone:ozone-main
CVE-2022-45385 Vulnerability in maven package org.jenkins-ci.plugins:dockerhub-notification
CVE-2022-25873 Vulnerability in maven package org.webjars.bowergithub.vuetifyjs:vuetify
CVE-2020-2243 Vulnerability in maven package org.jenkins-ci.plugins:vmanager-plugin