CVSS3: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low (Percentile: 23.4%)

org.jenkins-ci.plugins:elasticbox is vulnerable to Cross-Site Request Forgery (CSRF). The plugin does not require POST requests for its HTTP endpoints, which allows an attacker to make Jenkins connect to malicious URLs using credentials obtained in another way, and so steal credentials from Jenkins’ saved credentials.

CPE

Name | Operator | Version |
---|---|---|
elasticbox ci plug-in | le | 4.0.8 |