Data Modification Vulnerability in Jenkins Blue Ocean Plugins by CloudBees
CVE-2019-1003012
6.5 MEDIUM
What is CVE-2019-1003012?
A data modification flaw in Jenkins Blue Ocean Plugins allows unauthorized attackers to bypass cross-site request forgery (CSRF) protections. The flaw affects multiple components of the Blue Ocean API, specifically files such as bundleStartup.js and fetch.ts. Attackers can exploit it to manipulate data and perform unauthorized actions, potentially compromising the integrity of Jenkins instances that use these plugins. Users are advised to update to the latest versions to mitigate this risk.
Affected Version(s)
Jenkins Blue Ocean Plugins 1.10.1 and earlier
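The following check is an added example, not part of the original advisory or of Jenkins itself: it audits a plugin inventory against the affected range stated above. It assumes the inventory is the JSON returned by a Jenkins controller at `/pluginManager/api/json?depth=1` and that Blue Ocean plugins have a `shortName` beginning with `blueocean`; the sample inventory is constructed.

```python
import json
import re

# Last affected release, from the advisory text ("1.10.1 and earlier").
LAST_AFFECTED = (1, 10, 1)
# Assumption: Blue Ocean plugins have a shortName starting with "blueocean".
PREFIX = "blueocean"

# Constructed sample in the shape of GET /pluginManager/api/json?depth=1.
SAMPLE_INVENTORY = json.dumps({"plugins": [
    {"shortName": "blueocean", "version": "1.10.1", "enabled": True},
    {"shortName": "blueocean-rest", "version": "1.9.0", "enabled": True},
    {"shortName": "blueocean-web", "version": "1.11.0", "enabled": True},
    {"shortName": "blueocean-core-js", "version": "1.10.1-SNAPSHOT (private)", "enabled": False},
    {"shortName": "blueocean-commons", "version": "", "enabled": True},
    {"shortName": "git", "version": "3.9.1", "enabled": True},
]})


def parse_version(text):
    """Return the leading dotted-numeric part as a tuple padded to 3 fields, or None."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        return None
    parts = tuple(int(p) for p in match.group(0).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def audit(inventory_json):
    """Return (shortName, version, status) for every Blue Ocean plugin needing attention."""
    findings = []
    for plugin in json.loads(inventory_json).get("plugins", []):
        name = plugin.get("shortName", "")
        if not name.startswith(PREFIX):
            continue
        version = plugin.get("version") or ""
        parsed = parse_version(version)
        if parsed is None:
            status = "unknown version, review manually"
        elif parsed <= LAST_AFFECTED:
            # Suffixes such as -SNAPSHOT are ignored: same numeric release counts as affected.
            status = "affected" if plugin.get("enabled", True) else "affected (disabled)"
        else:
            continue
        findings.append((name, version, status))
    return findings


if __name__ == "__main__":
    for name, version, status in audit(SAMPLE_INVENTORY):
        print(f"{name:20} {version:28} {status}")
```

Plugins reported as disabled are still listed because they become exposed again as soon as they are re-enabled without an upgrade.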