CVE-2023-41946
3.5LOW
Key Information
- Vendor
- Jenkins
- Status
- Jenkins Frugal Testing Plugin
- Vendor
- CVE Published:
- 6 September 2023
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.
Affected Version(s)
Jenkins Frugal Testing Plugin <= 1.1
CVSS V3.1
Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database