Cross-Site Request Forgery Vulnerability in Jenkins Assembla Auth Plugin
CVE-2023-37961

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Assembla Auth Plugin
Vendor: CVE Published:; 12 July 2023

Summary

A cross-site request forgery vulnerability has been identified in the Assembla Auth Plugin for Jenkins, affecting versions 1.14 and earlier. This issue enables attackers to potentially deceive users into executing unintended actions, which could lead to unauthorized login to the attacker's account. With this vulnerability, the integrity of user sessions is compromised, making it a significant security concern for Jenkins users relying on this plugin.

Affected Version(s)

Jenkins Assembla Auth Plugin 0 <= 1.14

References

https://www.jenkins.io/security/advisory/2023-07-12/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/07/12/2

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2023
Vulnerability Reserved
Jul 11, 2023