Cross-Site Request Forgery in Jenkins Audit to Database Plugin
CVE-2019-1003076

6.5 MEDIUM

Key Information:

Vendor: Jenkins
CVE Published: 4 April 2019

Summary

A cross-site request forgery vulnerability in the Jenkins Audit to Database Plugin affects the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method. By crafting a malicious request, an attacker can cause the Jenkins server to initiate a connection to an arbitrary server of the attacker's choosing, potentially leading to unauthorized data access and manipulation. Appropriate measures should be implemented to mitigate this exposure.
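The pattern behind this class of Jenkins bug, shown as an added illustration that is not the plugin's own code: a descriptor form-validation method that answers any GET request beside the same method hardened with Jenkins' `@RequirePOST` interceptor (and, as defense in depth, an administrator permission check). Class, field and parameter names here are hypothetical.

```java
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

// Shared JDBC probe used by both variants below (hypothetical helper).
final class JdbcProbe {
    static FormValidation test(String jdbcUrl, String user, String password) {
        try (Connection c = DriverManager.getConnection(jdbcUrl, user, password)) {
            return FormValidation.ok("Connection succeeded");
        } catch (SQLException e) {
            return FormValidation.error(e, "Connection failed");
        }
    }
}

// Vulnerable shape: Stapler binds doTestJdbcConnection to a URL that any HTTP
// method can reach. No CSRF crumb is checked on GET and no permission is
// required, so a request a victim's browser is tricked into sending makes the
// Jenkins server open a connection to whatever host jdbcUrl names.
class VulnerableDescriptorImpl {
    public FormValidation doTestJdbcConnection(@QueryParameter String jdbcUrl,
                                               @QueryParameter String user,
                                               @QueryParameter String password) {
        return JdbcProbe.test(jdbcUrl, user, password);
    }
}

// Hardened shape: @RequirePOST rejects GET, so the method is only reachable
// through a POST that carries Jenkins' CSRF crumb, and the explicit permission
// check limits who may make the server connect outward at all.
class HardenedDescriptorImpl {
    @RequirePOST
    public FormValidation doTestJdbcConnection(@QueryParameter String jdbcUrl,
                                               @QueryParameter String user,
                                               @QueryParameter String password) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return JdbcProbe.test(jdbcUrl, user, password);
    }
}
```

A quick check for this issue on any plugin is to look at each `do*` form-validation method and confirm it carries `@RequirePOST` (or `@POST`) and a permission check before it performs any outbound connection.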

Affected Version(s)

Jenkins Audit to Database Plugin all versions as of 2019-04-03

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
