GHSA-jrj6-qx48-3cpq

GitHub Security Advisory

Jenkins Favorite View Plugin cross-site request forgery vulnerability

✓ GitHub Reviewed | Severity: MODERATE | Has CVE

Advisory Details

Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to add or remove views from another user’s favorite views tab bar.

As of publication of this advisory, there is no fix.

Affected Packages

Maven: org.jenkins-ci.plugins:favorite-view
Affected versions: 0 (last affected: 5.v77a)

Key Information

GHSA ID: GHSA-jrj6-qx48-3cpq
Published: August 16, 2023 3:30 PM
Last Modified: August 18, 2023 2:29 PM
CVSS Score: 5.0/10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.plugins:favorite-view
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.