CVE-2018-1000411

CWE-352Cross-Site Request Forgery (CSRF)8 documents7 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 40.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Junit
Timeline
PublishedJan 9
Latest updateMay 14

Description

A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDjenkins/junit1.25

🔴Vulnerability Details

3
OSV
Jenkins JUnit Plugin CSRF vulnerability2022-05-14
GHSA
Jenkins JUnit Plugin CSRF vulnerability2022-05-14
CVEList
CVE-2018-1000411: A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 12019-01-09

📋Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2018-09-252018-09-25
Red Hat
jenkins-plugin-junit: CSRF due to URL not requiring POST requests2018-09-25

💬Community

2
Bugzilla
CVE-2018-1000411 jenkins-plugin-junit: CSRF due to URL not requiring POST requests2018-10-15
Bugzilla
CVE-2017-1000411 opendaylight: Controller denial-of-service due to "expired" flows taking up the memory resource of CONFIG DS2017-12-01
CVE-2018-1000411 (MEDIUM CVSS 6.5) | A cross-site request forgery vulner | cvebase.io