Cross-Site Request Forgery Vulnerability in Jenkins JUnit Plugin
CVE-2018-1000411

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Junit
Vendor: CVE Published:; 9 January 2019

Summary

A cross-site request forgery vulnerability is present in the Jenkins JUnit Plugin, allowing unauthorized users to manipulate test result descriptions. This flaw affects versions 1.25 and earlier of the plugin, potentially putting application integrity at risk. It is advisable for users to review and update their installations to safeguard against these security loopholes.

References

https://jenkins.io/security/advisory/2018-09-25/#SECURITY...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106532

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2019
Vulnerability Reserved
Jan 9, 2019