Cross-Site Request Forgery in Jenkins SOASTA CloudTest Plugin
CVE-2019-1003090

6.5MEDIUM

Key Information:

Vendor

Jenkins
Status
Jenkins Soasta Cloudtest Plugin
Vendor
CVE Published:
4 April 2019

What is CVE-2019-1003090?

This vulnerability in the Jenkins SOASTA CloudTest Plugin allows attackers to exploit form validation methods. By initiating unauthorized connections to a server specified by the attacker, the vulnerability poses a significant risk to users. Proper validation mechanisms must be in place to prevent such attacks and safeguard sensitive actions from untrusted sources.

Affected Version(s)

Jenkins SOASTA CloudTest Plugin all versions as of 2019-04-03

References

http://www.securityfocus.com/bid/107790
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2019/04/12/2
mailing-listx_refsource_MLIST
https://jenkins.io/security/advisory/2019-04-03/#SECURITY...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.