Jenkins Favorite Plugin CVE-2017-1000244 Cross Site Request Forgery Vulnerability

Favorite Plugin for Jenkins is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Favorite Plugin 2.2.0 and 2.1.0 are vulnerable.

Information

Bugtraq ID: 101943
Class: Input Validation Error
CVE: CVE-2017-1000244

Remote: Yes
Local: No
Published: Nov 01 2017 12:00AM
Updated: Nov 01 2017 12:00AM
Credit: Andres Rodriguez, CloudBees, Inc.
Vulnerable: Jenkins-Ci Favorite Plugin 2.2
Jenkins-Ci Favorite Plugin 2.1

Not Vulnerable: Jenkins-Ci Favorite Plugin 2.3

Exploit

To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI.

References:

Jenkins CI Homepage (Jenkins CI)
jenkins home page (jenkins)
Jenkins Security Advisory 2017-06-06 (jenkins)

Source: www.securityfocus.com

Exploit Collector

Search Exploit