Lucene search

[email protected]NVD:CVE-2023-24434

HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-24434

2023-01-2621:18:17

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-24434

cross-site request forgery

jenkins

github pull request builder plugin

credentials

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.0%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected configurations

Nvd

Node

jenkinsgithub_pull_request_builderRange≤1.42.2jenkins

VendorProductVersionCPE
jenkinsgithub_pull_request_builder*cpe:2.3:a:jenkins:github_pull_request_builder:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
jenkins	github_pull_request_builder	*	cpe:2.3:a:jenkins:github_pull_request_builder::::::jenkins::*

References

www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20%282%29

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.0%

JSON

Related for NVD:CVE-2023-24434

github1 prion1 osv2 cve1 cvelist1 nessus2