VDB
EN
MEDIUM 4.3

GHSA-rf8w-7c3g-7h3g

Jenkins GitHub Integration Plugin has a cross-site request forgery (CSRF) vulnerability

상세

Jenkins GitHub Integration Plugin 0.7.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to trigger a build for a pull request.

GitHub Integration Plugin 0.7.4 requires POST requests for the affected HTTP endpoint.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Maven / org.jenkins-ci.plugins:github-integration-parent
최초 영향 버전: 0 수정 버전: 0.7.4
수정 # pom.xml: bump <version>0.7.4</version> for org.jenkins-ci.plugins:github-integration-parent

참고