Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
Moderate severity
GitHub Reviewed
Published Apr 12, 2023 to the GitHub Advisory Database • Updated Jan 5, 2024
Package
Affected versions: <= 387.v938a
Patched versions: 398.v3dfa_cb_223984
Published by the National Vulnerability Database: Apr 12, 2023
Published to the GitHub Advisory Database: Apr 12, 2023
Reviewed: Apr 12, 2023
Last updated: Jan 5, 2024
Description
Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to reindex the database.