Cross-Site Request Forgery in Jenkins Slack Notification Plugin
CVE-2019-1003044
7.1 HIGH
Key Information:
- Vendor: Jenkins
- CVE Published: 28 March 2019
Summary
A cross-site request forgery vulnerability exists in the Jenkins Slack Notification Plugin up to version 2.19, allowing attackers to send requests to an attacker-specified URL. By exploiting this flaw, attackers can gain unauthorized access to Jenkins using credentials previously obtained through alternative means, potentially leading to the compromise of sensitive information stored within Jenkins.
Affected Version(s)
Jenkins Slack Notification Plugin 2.19 and earlier
CVSS V3.1
- Score: 7.1
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved