GHSA-vjf8-xw6c-wjhq

Source
https://github.com/advisories/GHSA-vjf8-xw6c-wjhq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vjf8-xw6c-wjhq/GHSA-vjf8-xw6c-wjhq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vjf8-xw6c-wjhq
Aliases
Published
2022-05-24T17:25:25Z
Modified
2023-11-08T04:02:59.062837Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
CSRF vulnerability in Jenkins Flaky Test Handler Plugin
Details

Flaky Test Handler Plugin 1.0.4 and earlier does not require POST requests for the "Deflake this build" feature, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to rebuild a project at a previous git revision where the tests were failing.

Database specific
{
    "nvd_published_at": "2020-08-12T14:15:00Z",
    "github_reviewed_at": "2022-12-20T22:14:19Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-352"
    ]
}
References

Affected packages

Maven / org.jenkins-ci.plugins:flaky-test-handler

Package

Name
org.jenkins-ci.plugins:flaky-test-handler
Purl
pkg:maven/org.jenkins-ci.plugins/flaky-test-handler

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.1.0

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4