Lucene search

K
nvd[email protected]NVD:CVE-2023-24423
HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-24423

2023-01-2621:18:16
CWE-352
web.nvd.nist.gov
1
cve-2023-24423
cross-site request forgery
jenkins gerrit trigger plugin
vulnerability
gerrit trigger
rebuild builds

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

17.2%

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.

Affected configurations

NVD
Node
jenkinsgerrit_triggerRange<2.38.1jenkins

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

17.2%

Related for NVD:CVE-2023-24423