External Monitor Job Type Plugin does not require POST requests for an HTTP endpoint
Moderate severity • GitHub Reviewed • Published Jul 28, 2022 to the GitHub Advisory Database • Updated Jan 13, 2024
Package
Affected versions: <= 191.v363d0d1efdf8
Patched versions: 192.ve979ca_8b_3ccd
Published by the National Vulnerability Database: Jul 27, 2022
Published to the GitHub Advisory Database: Jul 28, 2022
Reviewed: Aug 11, 2022
Last updated: Jan 13, 2024

Description

Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to create runs of an external job.
External Monitor Job Type Plugin 192.ve979ca_8b_3ccd requires POST requests for the affected HTTP endpoint.
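
A source-audit check for this class of bug, as an added example that is not part of the advisory or the plugin's code: in Jenkins, HTTP endpoints are Stapler `do*` web methods, and a POST requirement is normally enforced with the `@RequirePOST` or `@POST` annotation, so the script flags `do*` methods that carry neither. The Java sample and its method names are constructed for illustration (the advisory does not name the affected endpoint), and the line-based matching is a heuristic that assumes annotations sit directly above or on the method line.

```python
import re

# Constructed sample (hypothetical class and method names, not the plugin's source).
SAMPLE_JAVA = '''
public class SampleJob {
    public void doSubmitResult(StaplerRequest req, StaplerResponse rsp) { createRun(req); }

    @RequirePOST
    public void doSubmitResultFixed(StaplerRequest req, StaplerResponse rsp) { createRun(req); }

    @POST
    public HttpResponse doDelete() { return null; }

    public String getDisplayName() { return "sample"; }
}
'''

# Stapler annotations that reject non-POST requests to a web method.
POST_ANNOTATIONS = {"RequirePOST", "POST"}

# Stapler routes URLs to public methods named do<Something>.
METHOD_RE = re.compile(r'\bpublic\s+(?:[\w<>\[\],.?]+\s+)+(do[A-Z]\w*)\s*\(')
# Annotation name, with or without a package prefix.
ANNOTATION_RE = re.compile(r'@(?:\w+\.)*(\w+)')


def find_unprotected_web_methods(java_source):
    """Return (line_number, method_name) for do* methods lacking a POST annotation."""
    findings = []
    pending = set()  # annotations seen since the previous declaration
    for lineno, line in enumerate(java_source.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith(("//", "/*", "*")):
            continue  # blank lines and comments neither add nor reset annotations
        annotations = ANNOTATION_RE.findall(stripped)
        pending.update(annotations)
        method = METHOD_RE.search(stripped)
        if method:
            if not pending & POST_ANNOTATIONS:
                findings.append((lineno, method.group(1)))
            pending.clear()
        elif not annotations:
            pending.clear()  # some other declaration consumed the annotations
    return findings


if __name__ == "__main__":
    for lineno, name in find_unprotected_web_methods(SAMPLE_JAVA):
        print(f"line {lineno}: {name} accepts non-POST requests; review for CSRF")
```

A flagged method is a candidate for review, not a confirmed finding: read-only endpoints legitimately accept GET, and a method may check the HTTP verb by hand.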