GHSA-m5cw-c64p-77h6

Source

https://github.com/advisories/GHSA-m5cw-c64p-77h6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-m5cw-c64p-77h6/GHSA-m5cw-c64p-77h6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-m5cw-c64p-77h6

Aliases

CVE-2022-29048

Published

2022-04-13T00:00:16Z

Modified

2024-02-16T08:22:17.461231Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

CSRF vulnerability in Jenkins Subversion Plugin

Details

Subversion Plugin 2.15.3 and earlier does not require POST requests for several form validation methods, resulting in cross-site request forgery (CSRF) vulnerabilities.

These vulnerabilities allow attackers to connect to an attacker-specified URL.

Database specific

{
    "nvd_published_at": "2022-04-12T20:15:00Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-01T23:49:29Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:subversion

Package

Name: org.jenkins-ci.plugins:subversion; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/subversion

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.15.4

Affected versions

1.*

1.24

1.25

1.26

1.28

1.29

1.30

1.31

1.32

1.33

1.34

1.35

1.36

1.37

1.38

1.39

1.40

1.41

1.42

1.43

1.44

1.45

1.48

1.50

1.51

1.53

1.54

2.*

2.0-alpha-1

2.0-beta-1

2.0

2.1

2.2

2.3

2.4

2.4.1

2.4.2

2.4.3

2.4.4

2.4.5

2.5-beta-1

2.5-beta-2

2.5-beta-3

2.5-beta-4

2.5

2.5.1

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

2.5.7

2.6

2.7.1

2.7.1.1

2.7.2

2.8

2.9

2.10

2.10.1

2.10.2

2.10.3

2.10.4

2.10.5

2.10.6

2.11.0

2.11.1

2.12.0

2.12.1

2.12.2

2.13.0

2.13.1

2.13.2

2.14.0

2.14.1

2.14.2

2.14.3

2.14.4

2.14.5

2.15.0

2.15.1

2.15.2

2.15.3