Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2023-39153

UNKNOWN

Published 2023-07-26T13:54:53.558Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-39153. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jenkins Project

Jenkins GitLab Authentication Plugin

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

CSRF vulnerability in GitLab Authentication Plugin

GHSA-cg6r-gqvc-r396

Advisory Details

GitLab Authentication Plugin 1.17.1 and earlier does not implement a state parameter in its OAuth flow, a unique and non-guessable value associated with each authentication request. This vulnerability allows attackers to trick users into logging in to the attacker’s account. GitLab Authentication Plugin 1.18 implements a state parameter in its OAuth flow.

Affected Packages

Maven org.jenkins-ci.plugins:gitlab-oauth

ECOSYSTEM: ≥0 <1.18

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-39153

WEB https://github.com/jenkinsci/gitlab-oauth-plugin/commit/d5bdf767e6be2efa2e9d8f8cf99b98726bb5f29d

WEB https://github.com/jenkinsci/gitlab-oauth-plugin

WEB https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-2696

WEB http://www.openwall.com/lists/oss-security/2023/07/26/2

Advisory provided by GitHub Security Advisory Database. Published: July 26, 2023, Modified: July 31, 2023

References

https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-2696

http://www.openwall.com/lists/oss-security/2023/07/26/2

Published: 2023-07-26T13:54:53.558Z

Last Modified: 2024-10-23T14:47:07.364Z

Copied to clipboard!