Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-35141HistoryJun 14, 2023 - 1:15 p.m.
CVE-2023-35141
2023-06-1413:15:00
Alpine Linux Development Team
security.alpinelinux.org
20
jenkins
lts
endpoint manipulation
user-provided values
post request
context menu
security vulnerability
0.001 Low
EPSS
Percentile
44.2%
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.18-community | noarch | jenkins | = 2.387.3-r0 | UNKNOWN |
Related
openvas
openvas
Jenkins CSRF Vulnerability (CVE-2023-35141) - Linux
2023-06-19 00:00:00
Jenkins CSRF Vulnerability (CVE-2023-35141) - Windows
2023-06-19 00:00:00
cve
cve
CVE-2023-35141
2023-06-14 13:15:11
prion
prion
Code injection
2023-06-14 13:15:00
nessus
nessus
FreeBSD : jenkins -- CSRF protection bypass vulnerability (b4db7d78-bb62-4f4c-9326-6e9fc2ddd400)
2023-06-14 00:00:00
Jenkins LTS < 2.401.1 / Jenkins weekly < 2.400 XSRF
2023-06-16 00:00:00
osv
osv
CVE-2023-35141
2023-06-14 13:15:11
Jenkins CSRF protection bypass vulnerability
2023-06-14 15:30:37
BIT-jenkins-2023-35141
2024-03-06 10:55:33
redhatcve
redhatcve
CVE-2023-35141
2023-06-21 07:16:35
freebsd
freebsd
jenkins -- CSRF protection bypass vulnerability
2023-06-14 00:00:00
veracode
veracode
Improper Access Control
2023-06-15 18:15:30
cvelist
cvelist
CVE-2023-35141
2023-06-14 12:53:05
nvd
nvd
CVE-2023-35141
2023-06-14 13:15:11
github
github
Jenkins CSRF protection bypass vulnerability
2023-06-14 15:30:37
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00