Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps
CVE-2023-3414

6.1MEDIUM

Key Information:

Vendor: Servicenow
Status: Jenkins Plug-in For Servicenow Devops
Vendor: CVE Published:; 26 July 2023

What is CVE-2023-3414?

A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.

Affected Version(s)

Jenkins plug-in for ServiceNow DevOps Jenkins 0 < 1.38.1

References

https://support.servicenow.com/kb?id=kb_article_view&sysp...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 26, 2023
Vulnerability Reserved
Jun 26, 2023

Credit

Alvaro Muñoz (@pwntester), GitHub Security Lab

Servicenow

What is CVE-2023-3414?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit