MEDIUM 4.3

GHSA-hj3h-r49w-34wh

Jenkins Multijob Plugin has a cross-site request forgery (CSRF) vulnerability

Details

Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to resume failed Multijob builds.

Multijob Plugin 669.v9d96a_d9c71b_0 requires POST requests for the affected HTTP endpoint.
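The fix pattern described above, as an added example that is not the Multijob Plugin's own code: a Jenkins (Stapler) web method with a side effect, first without and then with a POST requirement. The class, method names, URL name, permission check and the injected `resumeBuild` operation are hypothetical; the snippet assumes Jenkins core and Stapler on the classpath.

```java
// Added illustration; all names below are hypothetical, not taken from the plugin.
import hudson.model.Action;
import hudson.model.Item;
import hudson.model.Job;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.interceptor.RequirePOST;

public class ResumeBuildAction implements Action {
    private final Job<?, ?> job;
    private final Runnable resumeBuild; // hypothetical state-changing operation

    public ResumeBuildAction(Job<?, ?> job, Runnable resumeBuild) {
        this.job = job;
        this.resumeBuild = resumeBuild;
    }

    @Override public String getIconFileName() { return null; }
    @Override public String getDisplayName() { return "Resume build (example)"; }
    @Override public String getUrlName() { return "resume-example"; }

    // BEFORE: Stapler dispatches any HTTP verb to a doXxx web method, and
    // Jenkins only validates the CSRF crumb on POST. A GET issued by the
    // browser of a logged-in user therefore reaches this method with that
    // user's session and passes the permission check.
    public HttpResponse doResumeUnsafe() {
        job.checkPermission(Item.BUILD);
        resumeBuild.run();
        return HttpResponses.forwardToPreviousPage();
    }

    // AFTER: @RequirePOST rejects non-POST requests before the method body
    // runs, so every request that gets here has been through the crumb check.
    @RequirePOST
    public HttpResponse doResume() {
        job.checkPermission(Item.BUILD);
        resumeBuild.run();
        return HttpResponses.forwardToPreviousPage();
    }
}
```

The permission check alone does not help in the first method, because a forged request carries the victim's own permissions; the POST requirement is what brings the crumb check into play.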

Affected packages

Maven / org.jenkins-ci.plugins:jenkins-multijob-plugin
Introduced in: 0
Fixed in: 669.v9d96a
Fix: in pom.xml, bump <version>669.v9d96a</version> for org.jenkins-ci.plugins:jenkins-multijob-plugin