Cross-Site Request Forgery Vulnerability in Jenkins GitHub Pull Request Builder Plugin
CVE-2023-24434
8.8HIGH
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 26 January 2023
What is CVE-2023-24434?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Jenkins GitHub Pull Request Builder Plugin, versions 1.42.2 and earlier. This vulnerability permits attackers to send unauthorized requests that link to an attacker-specified URL, using attacker-controlled credentials. By leveraging this exploit, an attacker can gain access to sensitive Jenkins credentials stored within the system, compromising the security of automated workflows.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Jenkins GitHub Pull Request Builder Plugin <= 1.42.2
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved