CSRF vulnerability in Jenkins GitLab Branch Source Plugin
Moderate severity
GitHub Reviewed
Published
Jan 24, 2024
to the GitHub Advisory Database
•
Updated Jan 31, 2024
Package
Affected versions
< 688.v5fa
Patched versions
688.v5fa
Description
Published by the National Vulnerability Database
Jan 24, 2024
Published to the GitHub Advisory Database
Jan 24, 2024
Reviewed
Jan 24, 2024
Last updated
Jan 31, 2024
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier does not require POST requests for a form validation endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to connect to an attacker-specified URL.
GitLab Branch Source Plugin 688.v5fa_356ee8520 requires POST requests for the affected form validation endpoint.
References