CSRF vulnerability in Jenkins Build With Parameters Plugin

2022-05-2417:45:44

Google

osv.dev

0.001 Low

EPSS

Percentile

33.3%

JSON

Jenkins Build With Parameters Plugin 1.5 and earlier does not require POST requests for its form submission endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to build a project with attacker-specified parameters. Build With Parameters Plugin 1.5.1 requires POST requests for the affected HTTP endpoint.

CPENameOperatorVersion
org.jenkins-ci.plugins:build-with-parameterseq1.3
org.jenkins-ci.plugins:build-with-parameterseq1.2
org.jenkins-ci.plugins:build-with-parameterseq1.5
org.jenkins-ci.plugins:build-with-parameterseq1.4
org.jenkins-ci.plugins:build-with-parameterseq1.1

Name	Operator	Version
org.jenkins-ci.plugins:build-with-parameters	eq	1.3
org.jenkins-ci.plugins:build-with-parameters	eq	1.2
org.jenkins-ci.plugins:build-with-parameters	eq	1.5
org.jenkins-ci.plugins:build-with-parameters	eq	1.4
org.jenkins-ci.plugins:build-with-parameters	eq	1.1