CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin
High severity
GitHub Reviewed
Published
Mar 30, 2022
to the GitHub Advisory Database
•
Updated Oct 15, 2024
Package
Affected versions
< 166.v0cc6208295b5
Patched versions
166.v0cc6208295b5
Description
Published by the National Vulnerability Database
Mar 29, 2022
Published to the GitHub Advisory Database
Mar 30, 2022
Reviewed
Nov 29, 2022
Last updated
Oct 15, 2024
Credits
-
NotMyFault Analyst
A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin version 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
References