CVE-2019-10408
UNKNOWN
Published 2019-09-25T15:05:32
Actions:
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2019-10408. We'll provide specific mitigation strategies based on your environment and risk profile.
No CVSS data available
Description
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
✓ GitHub Reviewed
MODERATE
Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery
GHSA-xc7q-p3f4-q389Advisory Details
Project Inheritance Plugin allows the creation of projects based on templates defined in the plugin configuration.
A missing permission check in the HTTP endpoint triggering project creation allowed users with Overall/Read permission to create these projects. Additionally, the HTTP endpoint did not require POST requests, resulting in a CSRF vulnerability.
The HTTP endpoint triggering project creation now requires Item/Create permission and submission of requests via POST.
Affected Packages
Maven
hudson.plugins:project-inheritance
ECOSYSTEM:
≥0
<19.08.2
CVSS Scoring
CVSS Score
5.0
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: February 23, 2023
References
Published: 2019-09-25T15:05:32
Last Modified: 2024-08-04T22:24:16.960Z
Copied to clipboard!