Metric | Value |
---|---|
CVSS3 | 4.3 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Availability Impact | NONE |
CVSS3 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
EPSS | 0.001 Low |
EPSS Percentile | 41.8% |

Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to reindex the database.
CPE

Name | Operator | Version |
---|---|---|
org.jenkins-ci.plugins:lucene-search | le | 387.v938a |
www.openwall.com/lists/oss-security/2023/04/13/3
github.com/advisories/GHSA-gh5w-gffh-68pr
github.com/jenkinsci/lucene-search-plugin/commit/828f79fedbe3da08b17937a85b98b5d7f499a8dd
github.com/jenkinsci/lucene-search-plugin/commit/ffd691642b8dda63b55cfc7e73993336554dbcb2
nvd.nist.gov/vuln/detail/CVE-2023-30529
www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3013