A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.

Jenkins P4 Plugin 1.11.5 requires POST requests for the affected HTTP endpoints.

Affected Packages

Maven org.jenkins-ci.plugins:p4

Affected versions: 0 (fixed in 1.11.5)

Related CVEs

CVE-2021-21655

Key Information

GHSA ID

GHSA-3rj3-qp2j-4fj2

Published

March 18, 2022 5:53 PM

Last Modified

October 27, 2023 2:36 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:p4

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.