A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.

Affected Packages

Maven io.jenkins.plugins:frugal-testing

Affected versions: 0 (last affected: 1.1)

Related CVEs

CVE-2023-41946

Key Information

GHSA ID

GHSA-g6rx-2w84-xmgj

Published

September 6, 2023 3:30 PM

Last Modified

January 30, 2024 11:00 PM

CVSS Score

2.5 /10

Primary Ecosystem

Maven

Primary Package

io.jenkins.plugins:frugal-testing

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.