Cross-Site Request Forgery Vulnerability in Jenkins Digital.ai App Management Publisher Plugin
CVE-2023-35148

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Digital.ai App Management Publisher Plugin
Vendor: CVE Published:; 14 June 2023

Summary

The Digital.ai App Management Publisher Plugin for Jenkins is susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw permits attackers to forge requests to the Jenkins server, potentially allowing them to redirect connections to their own specified URL. Consequently, any credentials stored in Jenkins can be captured by malicious entities, posing a serious risk to user data and system integrity. Users of versions 2.6 and earlier should apply the recommended updates to mitigate this security concern.

Affected Version(s)

Jenkins Digital.ai App Management Publisher Plugin 0 <= 2.6

References

https://www.jenkins.io/security/advisory/2023-06-14/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/06/14/5

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2023
Vulnerability Reserved
Jun 14, 2023