CVE-2019-1003090

CWE-352 ā€” Cross-Site Request Forgery (CSRF)5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 64.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Project Jenkins Soasta Cloudtest Plugin
Timeline
PublishedApr 4
Latest updateMay 13

Description

A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

ā–¶CVEListV5jenkins_project/jenkins_soasta_cloudtest_pluginall versions as of 2019-04-03

šŸ”“Vulnerability Details

3
OSV
CSRF vulnerability in Jenkins SOASTA CloudTest Pluginā†—2022-05-13
ā–¶
GHSA
CSRF vulnerability in Jenkins SOASTA CloudTest Pluginā†—2022-05-13
ā–¶
CVEList
CVE-2019-1003090: A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServerā†—2019-04-04
ā–¶

šŸ“‹Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-04-03ā†—2019-04-03
ā–¶
CVE-2019-1003090 (MEDIUM CVSS 6.5) | A cross-site request forgery vulner | cvebase.io