Cross-Site Request Forgery in Jenkins JIRA Pipeline Plugin by Jenkins
CVE-2023-24437
8.8 HIGH
Key Information:
- Vendor: Jenkins
- CVE Published: 26 January 2023
Summary
A cross-site request forgery (CSRF) vulnerability exists in the Jenkins JIRA Pipeline Steps Plugin. By leveraging this flaw, an attacker can connect to a specified URL using credential IDs that they have acquired through other means. This allows the attacker to access credentials stored in Jenkins, compromising confidential information and the security posture of affected installations.
Affected Version(s)
Jenkins JIRA Pipeline Steps Plugin <= 2.0.165.v8846cf59f3db
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved