Cross-Site Request Forgery in Jenkins GitLab Branch Source Plugin
CVE-2024-23902

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Gitlab Branch Source Plugin
Vendor: CVE Published:; 24 January 2024

What is CVE-2024-23902?

A security flaw has been identified in the GitLab Branch Source Plugin for Jenkins, where a cross-site request forgery (CSRF) can allow attackers to redirect users to a malicious URL of their choice. This vulnerability opens the door for unauthorized actions under the context of a victim user, potentially leading to malicious exploitation. Users are urged to assess their systems for the affected versions and apply the necessary security patches as recommended by the Jenkins security advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins GitLab Branch Source Plugin 0 <= 684.vea_fa_7c1e2fe3

References

https://www.jenkins.io/security/advisory/2024-01-24/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/01/24/6

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 24, 2024
Vulnerability Reserved
Jan 23, 2024

JSON

Jenkins

What is CVE-2024-23902?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.