VDB
KO
MEDIUM 4.3

GHSA-rf8w-7c3g-7h3g

Jenkins GitHub Integration Plugin has a cross-site request forgery (CSRF) vulnerability

Details

Jenkins GitHub Integration Plugin 0.7.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to trigger a build for a pull request.

GitHub Integration Plugin 0.7.4 requires POST requests for the affected HTTP endpoint.

Are you affected?

Enter the version of the package you're using.

Affected packages

Maven / org.jenkins-ci.plugins:github-integration-parent
Introduced in: 0 Fixed in: 0.7.4
Fix # pom.xml: bump <version>0.7.4</version> for org.jenkins-ci.plugins:github-integration-parent

References