MEDIUM 4.3
GHSA-hj3h-r49w-34wh
Jenkins Multijob Plugin has a cross-site request forgery (CSRF) vulnerability
Details
Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to resume failed Multijob builds.
Multijob Plugin 669.v9d96a_d9c71b_0 requires POST requests for the affected HTTP endpoint.
Affected packages
Maven / org.jenkins-ci.plugins:jenkins-multijob-plugin
Introduced in: 0
Fixed in: 669.v9d96a_d9c71b_0
Fix
# pom.xml: bump <version>669.v9d96a_d9c71b_0</version> for org.jenkins-ci.plugins:jenkins-multijob-plugin
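To check an inventory against the affected range above (introduced in 0, fixed in 669.v9d96a_d9c71b_0), the following is an added example, not part of the advisory or of the plugin's code. It assumes a constructed inventory of `artifactId:version` lines and orders versions by their leading numeric components only, which is a simplification of Jenkins' own version comparison; the function names are hypothetical.

```python
ARTIFACT = "jenkins-multijob-plugin"   # artifact id from the advisory
FIXED = "669.v9d96a_d9c71b_0"          # first fixed release per the advisory


def numeric_prefix(version):
    """Leading integer components: '669.v9d96a_d9c71b_0' -> (669,), '1.36' -> (1, 36)."""
    # Assumption: ordering by this prefix is sufficient for this range check.
    parts = []
    for piece in version.strip().split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def status(version):
    """Return 'affected', 'fixed' or 'unknown' for one installed version."""
    prefix = numeric_prefix(version)
    if not prefix:
        return "unknown"               # e.g. 'latest' or an empty pin: check by hand
    return "affected" if prefix < numeric_prefix(FIXED) else "fixed"


def scan(inventory):
    """Yield (line_no, version, status) for each Multijob entry in the inventory."""
    for line_no, raw in enumerate(inventory.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and surrounding blanks
        name, _, version = entry.partition(":")
        if name.strip() == ARTIFACT:
            yield line_no, version.strip(), status(version)


# Constructed sample inventory, not taken from any real controller.
SAMPLE = """\
# controller-a
git:5.2.0
jenkins-multijob-plugin:662.vd2e0001f6b_b_d
jenkins-multijob-plugin:1.36
jenkins-multijob-plugin:669.v9d96a_d9c71b_0
jenkins-multijob-plugin:latest
"""

if __name__ == "__main__":
    for line_no, version, verdict in scan(SAMPLE):
        print(f"line {line_no}: {ARTIFACT} {version or '(no version)'} -> {verdict}")
```

Entries reported as `unknown` carry no comparable version and need to be resolved against the running controller before they can be ruled out.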