CVE-2019-10304
published 2019-04-18CVE-2019-10304: A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows…
medium6.5CVSS 3.0
AVNACLPRNUIRSUCNIHAN
A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | azure_publishersettings_credentials_plugin | — | — |
| jenkins | gitlab_plugin | — | — |
| jenkins | this_allowed_users_able_to_control_the_plugin | — | — |
| jenkins | xebialabs_xl_deploy | <= 7.5.3 | — |
| jenkins | xebialabs_xl_deploy_plugin | — | — |
| jenkins_project | jenkins_xebialabs_xl_deploy_plugin | — | — |