- Description
- In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.
- Source
- jenkinsci-cert@googlegroups.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C643451-F18D-4A82-8E89-10EE4C1EBFE4",
"versionEndExcluding": "2.400"
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7122C22C-3F03-421E-AA45-1F5A26F030FE",
"versionEndExcluding": "2.401.1"
}
],
"operator": "OR"
}
]
}
]