Jenkins Favorite Plugin CVE-2017-1000244 Cross Site Request Forgery Vulnerability



Favorite Plugin for Jenkins is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Favorite Plugin 2.2.0 and 2.1.0 are vulnerable.

Information

Bugtraq ID: 101943
Class: Input Validation Error
CVE: CVE-2017-1000244

Remote: Yes
Local: No
Published: Nov 01 2017 12:00AM
Updated: Nov 01 2017 12:00AM
Credit: Andres Rodriguez, CloudBees, Inc.
Vulnerable: Jenkins-Ci Favorite Plugin 2.2
Jenkins-Ci Favorite Plugin 2.1


Not Vulnerable: Jenkins-Ci Favorite Plugin 2.3


Exploit


To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI.


References:

Related Posts

Comments