Jenkins Git Plugin CVE-2017-1000092 Cross Site Request Forgery Vulnerability



Git Plugin for Jenkins is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

The following products are affected:

Git Plugin 3.3.1 and prior.
Git Plugin 2.4.0-beta-1 and prior.

Information

Bugtraq ID: 100435
Class: Input Validation Error
CVE: CVE-2017-1000092

Remote: Yes
Local: No
Published: Aug 22 2017 12:00AM
Updated: Aug 22 2017 05:11PM
Credit: Jesse Glick, CloudBees, Inc
Vulnerable: Redhat OpenShift Enterprise 3.0
Jenkins-Ci Git plugin 3.3.1
Jenkins-Ci Git plugin 2.4.0-beta-1


Not Vulnerable: Jenkins-Ci Git plugin 3.3.2
Jenkins-Ci Git plugin 3.4.0-beta-2


Exploit


To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI.


Related Posts

Comments