Jenkins Job Import Plugin CSRF vulnerability

2022-05-1301:31:34

Google

osv.dev

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.6%

JSON

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job’s configuration.

CPENameOperatorVersion
org.jenkins-ci.plugins:job-import-plugineq1.6
org.jenkins-ci.plugins:job-import-plugineq2.1
org.jenkins-ci.plugins:job-import-plugineq1.8
org.jenkins-ci.plugins:job-import-plugineq1.2
org.jenkins-ci.plugins:job-import-plugineq2.0
org.jenkins-ci.plugins:job-import-plugineq1.5
org.jenkins-ci.plugins:job-import-plugineq1.7
org.jenkins-ci.plugins:job-import-plugineq3.0
org.jenkins-ci.plugins:job-import-plugineq1.3.1
org.jenkins-ci.plugins:job-import-plugineq1.3

Name	Operator	Version
org.jenkins-ci.plugins:job-import-plugin	eq	1.6
org.jenkins-ci.plugins:job-import-plugin	eq	2.1
org.jenkins-ci.plugins:job-import-plugin	eq	1.8
org.jenkins-ci.plugins:job-import-plugin	eq	1.2
org.jenkins-ci.plugins:job-import-plugin	eq	2.0
org.jenkins-ci.plugins:job-import-plugin	eq	1.5
org.jenkins-ci.plugins:job-import-plugin	eq	1.7
org.jenkins-ci.plugins:job-import-plugin	eq	3.0
org.jenkins-ci.plugins:job-import-plugin	eq	1.3.1
org.jenkins-ci.plugins:job-import-plugin	eq	1.3