CVE-2019-1003086Cross-Site Request Forgery in Project Jenkins Chef Sinatra Plugin

CWE-352Cross-Site Request Forgery5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 64.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Project Jenkins Chef Sinatra Plugin
Timeline
PublishedApr 4
Latest updateMay 13

Description

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

CVEListV5jenkins_project/jenkins_chef_sinatra_pluginall versions as of 2019-04-03

🔴Vulnerability Details

3
GHSA
CSRF vulnerability in Jenkins sinatra-chef-builder Plugin2022-05-13
OSV
CSRF vulnerability in Jenkins sinatra-chef-builder Plugin2022-05-13
CVEList
CVE-2019-1003086: A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration2019-04-04

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-04-032019-04-03
CVE-2019-1003086 — Cross-Site Request Forgery | cvebase