GHSA-8r93-59cf-358f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8r93-59cf-358f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-8r93-59cf-358f/GHSA-8r93-59cf-358f.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8r93-59cf-358f
- Aliases
-
- CVE-2024-23902
- Published
- 2024-01-24T18:31:02Z
- Modified
- 2024-02-16T08:23:15.408356Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- CSRF vulnerability in Jenkins GitLab Branch Source Plugin
- Details
-
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier does not require POST requests for a form validation endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to connect to an attacker-specified URL.
GitLab Branch Source Plugin 688.v5fa_356ee8520 requires POST requests for the affected form validation endpoint.
- Database specific
{ "nvd_published_at": "2024-01-24T18:15:09Z", "cwe_ids": [ "CWE-352" ], "github_reviewed_at": "2024-01-24T21:50:26Z", "severity": "MODERATE", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-23902
- https://github.com/jenkinsci/gitlab-branch-source-plugin/commit/5fa356ee852091af900498db07259afe78d7aad2
- https://github.com/jenkinsci/gitlab-branch-source-plugin
- https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3251
- http://www.openwall.com/lists/oss-security/2024/01/24/6
Affected packages
Maven / io.jenkins.plugins:gitlab-branch-source
Package
- Name
- io.jenkins.plugins:gitlab-branch-source
- View open source insights on deps.dev
- Purl
- pkg:maven/io.jenkins.plugins/gitlab-branch-source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed688.v5fa
Affected versions
0.*
0.0.5-alpha-2
0.0.7-beta
0.0.8-beta
1.*
1.0.0
1.1.0
1.1.1-alpha
1.1.2-alpha
1.2.0
1.2.1
1.2.2
1.3.0
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
621.*
621.vd49608f876da_
623.*
623.vcc98dc4b_0ce4
625.*
625.v85cf3a_400cfe
628.*
628.ve99e3d4df4b_8
629.*
629.vb_cc76608e806
630.*
630.v04ca_c57fa_880
633.*
633.ved9984f943da_
636.*
636.v55fd8144d335
640.*
640.v7101b_1c0def9
642.*
642.v9ed86b_b_54384
643.*
643.vdc12a_4a_06434
644.*
644.va_a_66886e07b_5
645.*
645.v62a_b_6fce8659
646.*
646.vb_9560d64b_69f
647.*
647.vdee7766b_cfa_e
649.*
649.v0dda_db_88b_5ee
650.*
650.va_d1ce6d01959
659.*
659.va_685a_51fda_db_
660.*
660.vd45c0f4c0042
663.*
663.v2602c3e6376d
664.*
664.v877fdc293c89
670.*
670.vf7df45517001
671.*
671.v67b_7169092ca_
672.*
672.vd8b_0b_b_a_db_1b_3
677.*
677.v0b_63b_038322b_
679.*
679.v1dfd3604d46e
680.*
680.vc179a_1a_37915
684.*
684.vea_fa_7c1e2fe3