GHSA-vjf8-xw6c-wjhq

GitHub Security Advisory

CSRF vulnerability in Jenkins Flaky Test Handler Plugin

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Flaky Test Handler Plugin 1.0.4 and earlier does not require POST requests for the "Deflake this build" feature, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to rebuild a project at a previous git revision where the tests were failing.

Affected Packages

Maven org.jenkins-ci.plugins:flaky-test-handler
Affected versions: 0 (fixed in 1.1.0)
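
To check an installation against this range, the following added example (not part of the advisory or of the plugin's code) scans a plugin inventory and flags `flaky-test-handler` entries below the fixed release 1.1.0. The `name:version` inventory format and the sample lines are assumptions constructed for illustration.

```python
import re

PLUGIN_ID = "flaky-test-handler"  # artifact id named in the advisory
FIXED = (1, 1, 0)                 # advisory: fixed in 1.1.0


def classify(version_text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    m = re.match(r"^(\d+(?:\.\d+)*)(.*)$", version_text.strip())
    if not m:
        return "unknown"          # e.g. 'latest' or a missing pin
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad '1.1' to (1, 1, 0)
    if nums < FIXED:
        return "vulnerable"
    if nums == FIXED and m.group(2):
        return "unknown"          # qualifier such as -SNAPSHOT: may predate the fix
    return "fixed"


def audit(inventory_text):
    """Return (line number, version, status) for each flaky-test-handler entry."""
    findings = []
    for lineno, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if fields[0] != PLUGIN_ID:
            continue
        version = fields[1] if len(fields) > 1 else ""
        findings.append((lineno, version, classify(version)))
    return findings


# Constructed sample inventory (assumed name:version format, one plugin per line).
SAMPLE = """\
# constructed inventory
git:4.11.3
flaky-test-handler:1.0.4
junit:1.60
"""

if __name__ == "__main__":
    for lineno, version, status in audit(SAMPLE):
        print(f"line {lineno}: {PLUGIN_ID} {version or '(no version)'} -> {status}")
```

Entries reported as `unknown` need a manual look, since an unpinned or pre-release version cannot be placed on either side of 1.1.0 from the string alone.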

Key Information

GHSA ID: GHSA-vjf8-xw6c-wjhq
Published: May 24, 2022 5:25 PM
Last Modified: December 20, 2022 10:14 PM
CVSS Score: 5.0/10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.plugins:flaky-test-handler
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.