Cross-Site Request Forgery in Jenkins Slack Notification Plugin
CVE-2019-1003044
7.1 HIGH
Key Information:
- Vendor: Jenkins
- CVE Published: 28 March 2019
What is CVE-2019-1003044?
A cross-site request forgery vulnerability exists in the Jenkins Slack Notification Plugin up to version 2.19, allowing attackers to send requests to an attacker-specified URL. By exploiting this flaw, attackers can gain unauthorized access to Jenkins using credentials previously obtained through alternative means, potentially leading to the compromise of sensitive information stored within Jenkins.
Affected Version(s)
Jenkins Slack Notification Plugin 2.19 and earlier