CSRF Vulnerability in Jenkins Pipeline RESTful API Plugin
CVE-2023-37957
8.8HIGH
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 12 July 2023
What is CVE-2023-37957?
A CSRF vulnerability has been identified in the Jenkins Pipeline RESTful API Plugin version 0.11 and earlier. This flaw allows attackers to initiate unauthorized actions by exploiting the vulnerability and connecting to a malicious URL. As a result, attackers could capture newly generated JCLI tokens, potentially compromising the security of the Jenkins environment. Users are advised to update to the latest versions of the plugin to mitigate this risk.
Affected Version(s)
Jenkins Pipeline restFul API Plugin 0 <= 0.11