cbcvebase.
CVE-2023-37952
published 2023-07-12

CVE-2023-37952: A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using…

medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected

17 ranges
VendorProductVersion rangeFixed in
jenkinsactive_directory_plugin
jenkinsassembla_auth_plugin
jenkinsbenchmark_evaluator_plugin
jenkinsdatadog_plugin
jenkinselasticbox_ci_plugin
jenkinsexternal_monitor_job_type_plugin
jenkinsfor_more_information_see_the_plugin
jenkinsmabl<= 0.0.46
jenkinsmacstadium_plugin
jenkinsmathworks_polyspace_plugin
jenkinsopenshift_login_plugin
jenkinsoracle_cloud_infrastructure_compute_plugin
jenkinsorka_by_macstadium_plugin
jenkinsrebuilder_plugin
jenkinssumologic_publisher_plugin
jenkinstest_results_aggregator_plugin
jenkins_projectjenkins_mabl_plugin<= 0.0.46