GHSA-22c3-whjv-hrfm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-22c3-whjv-hrfm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-22c3-whjv-hrfm/GHSA-22c3-whjv-hrfm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-22c3-whjv-hrfm
- Aliases
- Published
- 2023-08-16T15:30:17Z
- Modified
- 2024-02-16T08:08:48.548868Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- Jenkins Folders Plugin cross-site request forgery vulnerability
- Details
-
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to copy a view inside a folder.
Folders Plugin 6.848.ve3bfd7839a81 requires POST requests for the affected HTTP endpoint.
- Database specific
{ "cwe_ids": [ "CWE-352" ], "github_reviewed_at": "2023-08-16T21:14:04Z", "nvd_published_at": "2023-08-16T15:15:11Z", "severity": "MODERATE", "github_reviewed": true }- References
Affected packages
Maven / org.jenkins-ci.plugins:cloudbees-folder
Package
- Name
- org.jenkins-ci.plugins:cloudbees-folder
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/cloudbees-folder
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.848.ve3b
Affected versions
4.*
4.0
4.0.1
4.1
4.2
4.2.1
4.2.2
4.2.3
4.3
4.4
4.5
4.6
4.6.1
4.7
4.8
4.9
4.10
4.11-beta-1
5.*
5.0
5.1-beta-1
5.1-beta-2
5.1
5.2
5.2.1
5.2.2
5.3
5.4
5.5
5.6
5.7
5.8
5.9
5.10
5.11
5.12
5.13
5.14
5.15
5.16
5.17-beta-1
5.17
5.18
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.1.0
6.1.1
6.1.2
6.2.0
6.2.1
6.3
6.4
6.5
6.5.1
6.6
6.7
6.8
6.9
6.10.0
6.10.1
6.11
6.11.1
6.12
6.13
6.14
6.15
6.16
6.17
6.18
6.688.vfc7a_a_69059e0
6.708.ve61636eb_65a_5
6.714.v79e858ef76a_2
6.722.v8165b_a_cf25e9
6.729.v2b_9d1a_74d673
6.736.v5f554b_b_a_52b_3
6.740.ve4f4ffa_dea_54
6.758.vfd75d09eea_a_1
6.766.v6df9a_0e638ef
6.770.ve57b_a_fb_6a_67c
6.773.vd2dcc704ee7e
6.784.vc60058fa_f269
6.792.v495e640810da
6.795.v3e23d3c6f194
6.797.v8df9950d783b
6.800.v71307ca_b_986b
6.815.v0dd5a_cb_40e0e
6.846.v23698686f0f6