CVE-2019-16550: A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
jenkins	alauda_devops_pipeline_plugin	—	—
jenkins	alauda_kubernetes_suport_plugin	—	—
jenkins	build_failure_analyzer_plugin	—	—
jenkins	gerrit_trigger_plugin	—	—
jenkins	ids_in_team_concert_plugin	—	—
jenkins	ids_to_allow_users_configuring_the_plugin	—	—
jenkins	jenkins_and_plugin	—	—
jenkins	mantis_plugin	—	—
jenkins	maven	<= 0.16.1	—
jenkins	maven_release_plug-in_plugin	—	—
jenkins	mission_control_plugin	—	—
jenkins	pipeline_aggregator_view_plugin	—	—
jenkins	rapiddeploy_plugin	—	—
jenkins	redgate_sql_change_automation_plugin	—	—
jenkins	rundeck_plugin	—	—
jenkins	sctmexecutor_plugin	—	—
jenkins	spira_importer_plugin	—	—
jenkins	team_concert_plugin	—	—
jenkins	websphere_deployer_plugin	—	—
jenkins	weibo_plugin	—	—
jenkins_project	jenkins_maven_release_plugin	unspecified – 0.16.1	—