Cross-Site Request Forgery Vulnerability in Jenkins Deployment Dashboard Plugin
CVE-2023-50775

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Deployment Dashboard Plugin
Vendor: CVE Published:; 13 December 2023

Summary

A cross-site request forgery (CSRF) vulnerability exists in Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier, allowing attackers to perform unauthorized actions by tricking users into executing unwanted commands. This can lead to job duplication, potentially compromising the integrity of the Jenkins setup. It is crucial for users to update to the latest version to mitigate this security risk.

Affected Version(s)

Jenkins Deployment Dashboard Plugin 0 <= 1.0.10

References

https://www.jenkins.io/security/advisory/2023-12-13/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/12/13/4

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Dec 13, 2023