Cross-Site Request Forgery in Jenkins Folders Plugin
CVE-2023-40337

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Folders Plugin
Vendor: CVE Published:; 16 August 2023

What is CVE-2023-40337?

The Jenkins Folders Plugin is susceptible to a cross-site request forgery (CSRF) vulnerability, which can be exploited by attackers to perform unauthorized actions, such as copying views within a folder. This could lead to a breach of access controls and unauthorized manipulation of sensitive data. Users are advised to upgrade to the latest version to mitigate potential risks. For detailed information and guidance, visit the Jenkins Security Advisory.

Affected Version(s)

Jenkins Folders Plugin 0 <= 6.846.v23698686f0f6

References

https://www.jenkins.io/security/advisory/2023-08-16/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/08/16/3

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2023
Vulnerability Reserved
Aug 14, 2023