MEDIUM 4.3
GHSA-rf8w-7c3g-7h3g
Jenkins GitHub Integration Plugin has a cross-site request forgery (CSRF) vulnerability
상세
Jenkins GitHub Integration Plugin 0.7.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to trigger a build for a pull request.
GitHub Integration Plugin 0.7.4 requires POST requests for the affected HTTP endpoint.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
Maven / org.jenkins-ci.plugins:github-integration-parent
최초 영향 버전:
0 수정 버전: 0.7.4 수정
# pom.xml: bump <version>0.7.4</version> for org.jenkins-ci.plugins:github-integration-parent