Cross-Site Request Forgery in Jenkins Azure Credentials Plugin
High severity
GitHub Reviewed
Published
Feb 15, 2023
to the GitHub Advisory Database
•
Updated Jan 5, 2024
Package
Affected versions
<= 253.v887e0f9e898b
Patched versions
254.v64da_8176c83a
Description
Published by the National Vulnerability Database
Feb 15, 2023
Published to the GitHub Advisory Database
Feb 15, 2023
Reviewed
Feb 15, 2023
Last updated
Jan 5, 2024
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server.
References