Cross-Site Request Forgery Vulnerability in Jenkins Azure Credentials Plugin
CVE-2023-25767

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Azure Credentials Plugin
Vendor: CVE Published:; 15 February 2023

What is CVE-2023-25767?

A vulnerability in the Azure Credentials Plugin for Jenkins allows for cross-site request forgery, enabling attackers to connect to malicious web servers by exploiting the trust that the Jenkins application has in the user's session. This could result in unauthorized actions being performed without the user's consent, representing a significant security risk for Jenkins users.

Affected Version(s)

Jenkins Azure Credentials Plugin <= 253.v887e0f9e898b

References

https://www.jenkins.io/security/advisory/2023-02-15/#SECU...

http://www.openwall.com/lists/oss-security/2023/02/15/4

mailing-list

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2023
Vulnerability Reserved
Feb 14, 2023