A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.

Affected Packages

Maven org.jenkins-ci.plugins:websphere-deployer

Affected versions: 0 (last affected: 1.6.1)

Related CVEs

CVE-2019-16560

Key Information

GHSA ID

GHSA-c3wf-rrhq-rfp2

Published

May 24, 2022 5:03 PM

Last Modified

January 30, 2024 9:13 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:websphere-deployer

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 2, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.