CSRF vulnerability in Jenkins Team Foundation Server Plugin allow capturing credentials

2022-05-2417:45:46

Google

osv.dev

0.001 Low

EPSS

Percentile

33.0%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CPENameOperatorVersion
org.jenkins-ci.plugins:tfseq5.2.0
org.jenkins-ci.plugins:tfseq4.1.0
org.jenkins-ci.plugins:tfseq5.139.1
org.jenkins-ci.plugins:tfseq2.0
org.jenkins-ci.plugins:tfseq5.157.1
org.jenkins-ci.plugins:tfseq5.2.1
org.jenkins-ci.plugins:tfseq3.1.1
org.jenkins-ci.plugins:tfseq5.0.0
org.jenkins-ci.plugins:tfseq5.1.0
org.jenkins-ci.plugins:tfseq4.0.0

Name	Operator	Version
org.jenkins-ci.plugins:tfs	eq	5.2.0
org.jenkins-ci.plugins:tfs	eq	4.1.0
org.jenkins-ci.plugins:tfs	eq	5.139.1
org.jenkins-ci.plugins:tfs	eq	2.0
org.jenkins-ci.plugins:tfs	eq	5.157.1
org.jenkins-ci.plugins:tfs	eq	5.2.1
org.jenkins-ci.plugins:tfs	eq	3.1.1
org.jenkins-ci.plugins:tfs	eq	5.0.0
org.jenkins-ci.plugins:tfs	eq	5.1.0
org.jenkins-ci.plugins:tfs	eq	4.0.0