CVE-2019-1003058

CWE-352 — Cross-Site Request Forgery (CSRF)5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.5%
top 34.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Project Jenkins FTP Publisher Plugin
Timeline
PublishedApr 4
Latest updateMay 13

Description

A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

â–¶CVEListV5jenkins_project/jenkins_ftp_publisher_pluginall versions as of 2019-04-03

🔴Vulnerability Details

3
OSV
CSRF vulnerability in Jenkins FTP publisher Plugin↗2022-05-13
â–¶
GHSA
CSRF vulnerability in Jenkins FTP publisher Plugin↗2022-05-13
â–¶
CVEList
CVE-2019-1003058: A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher↗2019-04-04
â–¶

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-04-03↗2019-04-03
â–¶
CVE-2019-1003058 (MEDIUM CVSS 6.5) | A cross-site request forgery vulner | cvebase.io