Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier does not require POST requests for a form validation endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to connect to an attacker-specified URL.

GitLab Branch Source Plugin 688.v5fa_356ee8520 requires POST requests for the affected form validation endpoint.

Affected Packages

Maven io.jenkins.plugins:gitlab-branch-source

Affected versions: 0 (fixed in 688.v5fa)

Related CVEs

CVE-2024-23902

Key Information

GHSA ID

GHSA-8r93-59cf-358f

Published

January 24, 2024 6:31 PM

Last Modified

January 31, 2024 9:46 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

io.jenkins.plugins:gitlab-branch-source

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.