Lucene search

GoogleOSV:GHSA-QRH2-MH97-PW8P

HistoryMay 13, 2022 - 1:25 a.m.

CSRF vulnerability in Jenkins Audit to Database Plugin

2022-05-1301:25:43

Google

osv.dev

jenkins

audit plugin

csrf vulnerability

database

connection initiation

security issue

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

58.6%

JSON

A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

References

www.openwall.com/lists/oss-security/2019/04/12/2

www.securityfocus.com/bid/107790

jenkins.io/security/advisory/2019-04-03/#SECURITY-977

nvd.nist.gov/vuln/detail/CVE-2019-1003076