cbcvebase.
CVE-2023-24434
published 2023-01-26

CVE-2023-24434: A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an…

high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected

23 ranges
VendorProductVersion rangeFixed in
jenkinsbearychat_plugin
jenkinsbitbucket_oauth_plugin
jenkinscisco_spark_notifier_plugin
jenkinsgerrit_trigger_plugin
jenkinsgithub_pull_request_builder<= 1.42.2
jenkinsgithub_pull_request_builder_plugin
jenkinsgithub_pull_request_coverage_status_plugin
jenkinsids_in_orka_by_macstadium_plugin
jenkinsjira_pipeline_steps_plugin
jenkinskeycloak_authentication_plugin
jenkinskubernetes_credentials_provider_plugin
jenkinsmacstadium_plugin
jenkinsmstest_plugin
jenkinsopenid_connect_authentication_plugin
jenkinsopenid_plugin
jenkinsorka_by_macstadium_plugin
jenkinspwauth_security_realm_plugin
jenkinsrabbitmq_consumer_plugin
jenkinsscript_security_plugin
jenkinssemantic_versioning_plugin
jenkinstestcomplete_support_plugin
jenkinstestquality_updater_plugin
jenkins_projectjenkins_github_pull_request_builder_pluginunspecified – 1.42.2