CVE-2023-37964
published 2023-07-12

CVE-2023-37964: A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL…

High 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected

17 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| jenkins | active_directory_plugin | | |
| jenkins | assembla_auth_plugin | | |
| jenkins | benchmark_evaluator_plugin | | |
| jenkins | datadog_plugin | | |
| jenkins | elasticbox_ci | <= 5.0.1 | |
| jenkins | elasticbox_ci_plugin | | |
| jenkins | external_monitor_job_type_plugin | | |
| jenkins | for_more_information_see_the_plugin | | |
| jenkins | macstadium_plugin | | |
| jenkins | mathworks_polyspace_plugin | | |
| jenkins | openshift_login_plugin | | |
| jenkins | oracle_cloud_infrastructure_compute_plugin | | |
| jenkins | orka_by_macstadium_plugin | | |
| jenkins | rebuilder_plugin | | |
| jenkins | sumologic_publisher_plugin | | |
| jenkins | test_results_aggregator_plugin | | |
| jenkins_project | jenkins_elasticbox_ci_plugin | <= 5.0.1 | |