CVE-2019-16560

CWE-352Cross-Site Request Forgery (CSRF)5 documents5 sources
Severity
8.8HIGH
EPSS
0.1%
top 70.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Websphere Deployer PluginJenkins Websphere Deployer
Timeline
PublishedDec 17
Latest updateMay 24

Description

A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_websphere_deployer_pluginunspecified1.6.1

🔴Vulnerability Details

3
OSV
Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin2022-05-24
GHSA
Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin2022-05-24
CVEList
CVE-2019-16560: A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 12019-12-17

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-12-172019-12-17
CVE-2019-16560 (HIGH CVSS 8.8) | A cross-site request forgery vulner | cvebase.io