CVE-2023-37954

2023-07-1216:15:13

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-37954

csrf

jenkins

rebuilder plugin

security vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.8%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.

Affected configurations

NVD

Node

jenkinsrebuilderRange≤320.v5a_0933a_e7d61jenkins

CPENameOperatorVersion
jenkins:rebuilderjenkins rebuilderle320.v5a_0933a_e7d61

CPE	Name	Operator	Version
jenkins:rebuilder	jenkins rebuilder	le	320.v5a_0933a_e7d61

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Jenkins Rebuilder Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThanOrEqual": "320.v5a_0933a_e7d61",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]