CVE-2019-16550

CWE-352 — Cross-Site Request Forgery (CSRF)5 documents5 sources

Severity

8.8HIGH

EPSS

0.1%

top 68.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Maven Release Plugin Jenkins Maven

Timeline

PublishedDec 17

Latest updateMay 24

Description

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_maven_release_pluginunspecified — 0.16.1

▶Mavenorg.jenkins-ci.plugins.m2release:m2release< 0.16.2

▶NVDjenkins/maven0.16.1

🔴Vulnerability Details

GHSA

Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin↗2022-05-24

▶

OSV

Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin↗2022-05-24

▶

CVEList

CVE-2019-16550: A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0↗2019-12-17

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-12-17↗2019-12-17

▶