Jenkins CRX Content Package Deployer Plugin 1.8.1 Cross-Site Request Forgery (CSRF) Vulnerability

Summary

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL.

Credit:

The information has been provided by Daniel Beck.

The original article can be found at: https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)

Details

The vulnerability allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Vulnerable Systems:

Jenkins CRX Content Package Deployer Plugin 1.8.1

CVE Information:

CVE-2019-10437

Disclosure Timeline:

Published Date: 10/16/2019