CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin
High severity
GitHub Reviewed
Published
Mar 30, 2022
to the GitHub Advisory Database
•
Updated Dec 6, 2023
Package
Affected versions
< 166.v0cc6208295b5
Patched versions
166.v0cc6208295b5
Description
Published by the National Vulnerability Database
Mar 29, 2022
Published to the GitHub Advisory Database
Mar 30, 2022
Reviewed
Nov 29, 2022
Last updated
Dec 6, 2023
Credits
-
NotMyFault Analyst
A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
References