CVE-2023-39153: A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to…

medium5.4CVSS 3.1

AVNACLPRNUIRSUCLILAN

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.

Affected

14 ranges

Vendor	Product	Version range	Fixed in
gitlab	gitlab	—	—
jenkins	bazaar_plugin	—	—
jenkins	chef_identity_plugin	—	—
jenkins	gitlab_authentication	<= 1.17.1	—
jenkins	gitlab_authentication_plugin	—	—
jenkins	gradle_plugin	—	—
jenkins	incorrect_control_flow_in_gradle_plugin	—	—
jenkins	jenkins_core	—	—
jenkins	jenkins_lts	—	—
jenkins	jenkins_weekly	—	—
jenkins	qualys_web_app_scanning_connector_plugin	—	—
jenkins	secret_displayed_without_masking_by_chef_identity_plugin	—	—
jenkins	servicenow_devops_plugin	—	—
jenkins_project	jenkins_gitlab_authentication_plugin	<= 1.17.1	—