CSRF Vulnerability in Jenkins Pipeline RESTful API Plugin
CVE-2023-37957

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Pipeline Restful Api Plugin
Vendor: CVE Published:; 12 July 2023

Summary

A CSRF vulnerability has been identified in the Jenkins Pipeline RESTful API Plugin version 0.11 and earlier. This flaw allows attackers to initiate unauthorized actions by exploiting the vulnerability and connecting to a malicious URL. As a result, attackers could capture newly generated JCLI tokens, potentially compromising the security of the Jenkins environment. Users are advised to update to the latest versions of the plugin to mitigate this risk.

Affected Version(s)

Jenkins Pipeline restFul API Plugin 0 <= 0.11

References

https://www.jenkins.io/security/advisory/2023-07-12/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/07/12/2

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2023
Vulnerability Reserved
Jul 11, 2023