Lucene search
GitHub Advisory DatabaseGHSA-24HP-84JP-8WGMHistoryNov 16, 2022 - 12:00 p.m.
Cross-Site Request Forgery in Jenkins Cluster Statistics Plugin
2022-11-1612:00:23
CWE-352
GitHub Advisory Database
github.com
6
cross-site request forgery
jenkins
cluster statistics plugin
vulnerability
deletion
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
27.9%
A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
Affected configurations
Node
org.zeroturnaround\clusterMatchstats
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.zeroturnaround:cluster-stats | le | 0.4.6 |
Related
prion
prion
Cross site request forgery (csrf)
2022-11-15 20:15:00
cve
cve
CVE-2022-45398
2022-11-15 20:15:14
nvd
nvd
CVE-2022-45398
2022-11-15 20:15:14
cvelist
cvelist
CVE-2022-45398
2022-11-15 00:00:00
osv
osv
Cross-Site Request Forgery in Jenkins Cluster Statistics Plugin
2022-11-16 12:00:23
nessus
nessus
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
27.9%
Related for GHSA-24HP-84JP-8WGM