Jenkins.CVS.Plugin.Cross-Site.Request.Forgery
Description
This indicates an attack attempt to exploit a Cross-Site Forgery Vulnerability in Jenkins CVS Plugin.
A remote attacker can exploit these vulnerabilities by enticing a target user into clicking a malicious link or visiting a crafted web page. Successful exploitation results in the target user taking actions on behalf of the attacker to create and manipulate tags, and to connect to an attacker-specified URL.
Affected Products
Jenkins CVS Plugin 2.15 and earlier
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.jenkins.io/security/advisory/2020-05-06/#SECURITY-1094
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-11-17 | 16.963 | Sig Added |
2020-10-22 | 16.948 | Default_action:pass:drop |
2020-10-12 | 16.941 |