GHSA-42mm-x828-56c7
GitHub Security Advisory
CSRF vulnerability in Jenkins Configuration Slicing Plugin
GitHub Reviewed
Severity: HIGH
Has CVE
Advisory Details
Jenkins Configuration Slicing Plugin 1.51 and earlier does not require POST requests for the form submission endpoint reconfiguring slices, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to apply different slice configurations to attacker-specified jobs.
Jenkins Configuration Slicing Plugin 1.52 requires POST requests for the affected HTTP endpoint.
Affected Packages
Maven: org.jenkins-ci.plugins:configurationslicing
Affected versions: 0 (fixed in 1.52)
Key Information
Severity score: 7.5/10
Last updated: August 25, 2025 6:33 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.