Cross-Site Request Forgery in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin
CVE-2019-10456

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Oracle Cloud Infrastructure Compute Classic Plugin
Vendor: CVE Published:; 16 October 2019

Summary

The Jenkins Oracle Cloud Infrastructure Compute Classic Plugin is susceptible to a cross-site request forgery (CSRF) vulnerability. This security flaw allows attackers to perform actions on behalf of authenticated users by sending malicious requests to the Jenkins server. As a result, the attacker can connect to a specially crafted URL using credentials that the victim is expected to utilize, potentially leading to unauthorized access or exploitation of sensitive data.

Affected Version(s)

Jenkins Oracle Cloud Infrastructure Compute Classic Plugin 1.0.0 and earlier

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Mar 29, 2019