Cross-Site Request Forgery in Jenkins SOASTA CloudTest Plugin
CVE-2019-1003090
6.5MEDIUM
Summary
This vulnerability in the Jenkins SOASTA CloudTest Plugin allows attackers to exploit form validation methods. By initiating unauthorized connections to a server specified by the attacker, the vulnerability poses a significant risk to users. Proper validation mechanisms must be in place to prevent such attacks and safeguard sensitive actions from untrusted sources.
Affected Version(s)
Jenkins SOASTA CloudTest Plugin all versions as of 2019-04-03
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved