Lucene search
HistoryJul 26, 2023 - 2:15 p.m.
CVE-2023-39153
cve-2023-39153
cross-site request forgery
csrf
jenkins
gitlab authentication plugin
nvd
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
29.1%
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker’s account.
Affected configurations
Node
jenkinsgitlab_authenticationRange≤1.17.1jenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:gitlab_authentication | jenkins gitlab authentication | le | 1.17.1 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Jenkins GitLab Authentication Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "1.17.1",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]Related
cvelist
cvelist
CVE-2023-39153
2023-07-26 13:54:53
osv
osv
CVE-2023-39153
2023-07-26 14:15:10
CSRF vulnerability in GitLab Authentication Plugin
2023-07-26 15:30:57
prion
prion
Cross site request forgery (csrf)
2023-07-26 14:15:00
github
github
CSRF vulnerability in GitLab Authentication Plugin
2023-07-26 15:30:57
nvd
nvd
CVE-2023-39153
2023-07-26 14:15:10
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-07-26)
2023-07-28 00:00:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
29.1%
Related for CVE-2023-39153