GHSA-mmrv-3cqg-hpf9

Source

https://github.com/advisories/GHSA-mmrv-3cqg-hpf9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mmrv-3cqg-hpf9/GHSA-mmrv-3cqg-hpf9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mmrv-3cqg-hpf9

Aliases

CVE-2019-1003007

Published

2022-05-13T01:31:35Z

Modified

2024-02-16T08:06:12.412245Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Sandbox Bypass via CSRF in Jenkins Warnings Plugin

Details

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.

Database specific

{
    "nvd_published_at": "2019-02-06T16:29:00Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T22:25:59Z"
}

References

Affected packages

Maven / org.jvnet.hudson.plugins:warnings

Package

Name: org.jvnet.hudson.plugins:warnings; View open source insights on deps.dev
Purl: pkg:maven/org.jvnet.hudson.plugins/warnings

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0.1

Affected versions

1.*

1.0

1.1

1.2

1.3

1.4

1.5

1.6

1.7

1.8

1.9

1.10

1.11

1.12

1.13

1.14

1.15

1.16

1.17

1.18

1.19

1.20

1.21

1.22

1.23

1.24

1.25

1.26

1.27

1.28

1.29

2.*

2.0

2.1

2.2

2.3

2.4

2.5

2.6

2.7

2.8

2.9

2.10

2.11

2.12

2.13

2.14

3.*

3.0

3.1

3.2

3.3

3.4

3.5

3.6

3.7

3.8

3.9

3.10

3.11

3.12

3.13

3.14

3.15

3.16

3.17

3.18

3.19

3.20

3.21

3.22

3.23

3.24

3.25

3.26

3.27

3.28

4.*

4.0

4.3

4.4

4.5

4.6

4.7

4.9

4.10

4.11

4.12

4.13

4.14

4.15

4.16

4.17

4.18

4.19

4.20

4.21

4.23

4.25

4.26

4.27

4.28

4.29

4.30

4.31

4.32

4.33

4.35

4.36

4.37

4.38

4.39

4.40

4.41

4.42

4.43

4.44

4.45

4.46

4.47

4.48

4.49

4.50

4.51

4.52

4.53

4.54

4.55

4.56

4.57

4.58

4.59

4.60

4.61

4.62

4.63

4.64

4.65

4.66

4.67

4.68

5.*

5.0.0-beta2

5.0.0-beta3

5.0.0-beta4

5.0.0

Database specific

{
    "last_known_affected_version_range": "<= 5.0.0"
}