CSRF vulnerability in Fortify Plugin allow capturing credentials
CVE-2023-4301
4.2MEDIUM
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Affected Version(s)
Jenkins Fortify Plugin <= 22.1.38
CVSS V3.1
Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: 5.4 to: 4.2 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Alvaro Muñoz (@pwntester), GitHub Security Lab
Kevin Guerroudj, CloudBees, Inc.