Cross-Site Request Forgery in Jenkins JIRA Pipeline Plugin by Jenkins
CVE-2023-24437
8.8 HIGH
Key Information:
- Vendor: Jenkins
- CVE Published: 26 January 2023
What is CVE-2023-24437?
A cross-site request forgery (CSRF) vulnerability exists in the Jenkins JIRA Pipeline Steps Plugin. By exploiting this flaw, an attacker can connect to a specified URL using credentials IDs that they have acquired through other means. This lets the attacker access credentials stored in Jenkins, compromising confidential information on affected installations.
Affected Version(s)
Jenkins JIRA Pipeline Steps Plugin <= 2.0.165.v8846cf59f3db