Description
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/06/14/5
https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135
Related Vulnerabilities
CVE-2019-16557 Vulnerability in maven package com.redgate.plugins.redgatesqlci:redgate-sql-ci
CVE-2019-16574 Vulnerability in maven package com.alauda.jenkins.plugins:alauda-devops-pipeline
CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15to18
CVE-2020-2138 Vulnerability in maven package org.jenkins-ci.plugins:cobertura