Description
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/07/26/2
https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-2696
Related Vulnerabilities
CVE-2013-7380 Vulnerability in npm package ep_imageconvert
CVE-2020-13943 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-43494 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-37947 Vulnerability in maven package org.openshift.jenkins:openshift-login
CVE-2023-44981 Vulnerability in maven package org.apache.zookeeper:zookeeper