CVE-2018-1000414 β€” Cross-Site Request Forgery in Jenkins Config File Provider

CWE-352 β€” Cross-Site Request Forgery5 documents5 sources
Severity
8.1HIGHNVD
EPSS
0.1%
top 78.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Config File Provider
Timeline
PublishedJan 9
Latest updateMay 14

Description

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

πŸ”΄Vulnerability Details

3
GHSA
CSRF vulnerability in Config File Provider Plugin↗2022-05-14
β–Ά
OSV
CSRF vulnerability in Config File Provider Plugin↗2022-05-14
β–Ά
CVEList
CVE-2018-1000414: A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3β†—2019-01-09
β–Ά

πŸ“‹Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-09-25β†—2018-09-25
β–Ά
CVE-2018-1000414 β€” Cross-Site Request Forgery | cvebase