CVE-2023-40341
Published 2023-08-16
High 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | blue_ocean | <= 1.27.5 | — |
| jenkins | blue_ocean_plugin | — | — |
| jenkins | config_file_provider_plugin | — | — |
| jenkins | delphix_plugin | — | — |
| jenkins | docker_swarm_plugin | — | — |
| jenkins | favorite_view_plugin | — | — |
| jenkins | flaky_test_handler_plugin | — | — |
| jenkins | folders_plugin | — | — |
| jenkins | fortify_plugin | — | — |
| jenkins | gogs_plugin | — | — |
| jenkins | improper_masking_of_credentials_in_nodejs_plugin | — | — |
| jenkins | nodejs_plugin | — | — |
| jenkins | shortcut_job_plugin | — | — |
| jenkins | tuleap_authentication_plugin | — | — |