Lucene search

GitHub Advisory DatabaseGHSA-G6RX-2W84-XMGJ

HistorySep 06, 2023 - 3:30 p.m.

CSRF vulnerability in Jenkins Frugal Testing Plugin

2023-09-0615:30:26

CWE-352

GitHub Advisory Database

github.com

jenkins

frugal testing

csrf

vulnerability

security

software

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.

Affected configurations

Vulners

Node

io.jenkins.plugins\frugalMatchtesting

CPENameOperatorVersion
io.jenkins.plugins:frugal-testingle1.1

CPE	Name	Operator	Version
	io.jenkins.plugins:frugal-testing	le	1.1

References

www.openwall.com/lists/oss-security/2023/09/06/9

github.com/advisories/GHSA-g6rx-2w84-xmgj

nvd.nist.gov/vuln/detail/CVE-2023-41946

www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3082

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for GHSA-G6RX-2W84-XMGJ