Cross-Site Request Forgery in Jenkins Chef Sinatra Plugin
CVE-2019-1003086

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Chef Sinatra Plugin
Vendor: CVE Published:; 4 April 2019

What is CVE-2019-1003086?

A cross-site request forgery vulnerability exists in the Jenkins Chef Sinatra Plugin which allows attackers to execute unauthorized commands. Specifically, the flaw emerges in the form validation method of ChefBuilderConfiguration.DescriptorImpl#doTestConnection, enabling attackers to redirect requests to a server of their choosing. This could potentially lead to unauthorized access and elevated privileges, necessitating immediate attention to mitigate associated risks.