Loading HuntDB...

GHSA-gh5w-gffh-68pr

GitHub Security Advisory

Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to reindex the database.

Affected Packages

Maven org.jenkins-ci.plugins:lucene-search
Affected versions: 0 (fixed in 398.v3dfa_cb_223984)

Related CVEs

Key Information

GHSA ID
GHSA-gh5w-gffh-68pr
Published
April 12, 2023 6:30 PM
Last Modified
April 12, 2023 10:19 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:lucene-search
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.