MEDIUM 4.3
GHSA-rf8w-7c3g-7h3g
Jenkins GitHub Integration Plugin has a cross-site request forgery (CSRF) vulnerability
Details
Jenkins GitHub Integration Plugin 0.7.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to trigger a build for a pull request.
GitHub Integration Plugin 0.7.4 requires POST requests for the affected HTTP endpoint.
Affected packages
Maven / org.jenkins-ci.plugins:github-integration-parent
Introduced in: 0
Fixed in: 0.7.4
Fix
# pom.xml: bump <version>0.7.4</version> for org.jenkins-ci.plugins:github-integration-parent
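A dependency check for the fix above, as an added example that is not part of the advisory: it scans a `pom.xml` for the affected Maven coordinate and flags any version below 0.7.4. The sample POM, the `ghi.version` property and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

GROUP, ARTIFACT = "org.jenkins-ci.plugins", "github-integration-parent"
FIXED = "0.7.4"  # first fixed release according to the advisory
# Constructed sample POM (not from any real project); the version is set via a property.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><ghi.version>0.7.3</ghi.version></properties>
  <dependencies><dependency>
    <groupId>org.jenkins-ci.plugins</groupId>
    <artifactId>github-integration-parent</artifactId>
    <version>${ghi.version}</version>
  </dependency></dependencies>
</project>"""

def version_key(v):
    """Sort key: numeric dotted part, then qualified builds (-SNAPSHOT, -rc1) before the release."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in m.group(1).split(".")), 0 if m.group(2) else 1

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def check_pom(pom_xml):
    """Return (element, version, status) for each reference to the affected coordinate."""
    root = ET.fromstring(pom_xml)
    props = {local(p.tag): (p.text or "").strip()
             for el in root.iter() if local(el.tag) == "properties" for p in el}
    findings = []
    for el in root.iter():
        fields = {local(c.tag): (c.text or "").strip() for c in el}
        if local(el.tag) not in ("dependency", "parent") or \
           (fields.get("groupId"), fields.get("artifactId")) != (GROUP, ARTIFACT):
            continue
        ver = fields.get("version", "")
        ref = re.fullmatch(r"\$\{(.+)\}", ver)
        if ref:
            ver = props.get(ref.group(1), "")  # resolve ${property}; empty if undefined
        if not ver:
            status = "unknown"  # inherited or unresolved version: check manually
        else:
            status = "affected" if version_key(ver) < version_key(FIXED) else "fixed"
        findings.append((local(el.tag), ver or None, status))
    return findings

if __name__ == "__main__":
    print(check_pom(SAMPLE_POM))
```

A pre-release build of the fixed version (for example `0.7.4-SNAPSHOT`) is reported as affected, which is the conservative choice.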