CVE-2023-24432
published 2023-01-26CVE-2023-24432: A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | bearychat_plugin | — | — |
| jenkins | bitbucket_oauth_plugin | — | — |
| jenkins | cisco_spark_notifier_plugin | — | — |
| jenkins | gerrit_trigger_plugin | — | — |
| jenkins | github_pull_request_builder_plugin | — | — |
| jenkins | github_pull_request_coverage_status_plugin | — | — |
| jenkins | ids_in_orka_by_macstadium_plugin | — | — |
| jenkins | jira_pipeline_steps_plugin | — | — |
| jenkins | keycloak_authentication_plugin | — | — |
| jenkins | kubernetes_credentials_provider_plugin | — | — |
| jenkins | macstadium_plugin | — | — |
| jenkins | mstest_plugin | — | — |
| jenkins | openid_connect_authentication_plugin | — | — |
| jenkins | openid_plugin | — | — |
| jenkins | orka_by_macstadium | < 1.32 | 1.32 |
| jenkins | orka_by_macstadium_plugin | — | — |
| jenkins | pwauth_security_realm_plugin | — | — |
| jenkins | rabbitmq_consumer_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | semantic_versioning_plugin | — | — |
| jenkins | testcomplete_support_plugin | — | — |
| jenkins | testquality_updater_plugin | — | — |
| jenkins_project | jenkins_orka_by_macstadium_plugin | unspecified – 1.31 | — |