Cross-Site Request Forgery Vulnerability in Jenkins Nomad Plugin
CVE-2019-1003092

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Nomad Plugin
Vendor: CVE Published:; 4 April 2019

What is CVE-2019-1003092?

The Jenkins Nomad Plugin contains a cross-site request forgery (CSRF) vulnerability due to insufficient validation in the NomadCloud.DescriptorImpl#doTestConnection form method. This weakness permits attackers to forge requests that could lead to unauthorized connections to a server chosen by the attacker, thereby compromising server integrity and exposing sensitive data.