A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs obtained through another method.

Affected Packages

Maven org.jenkins-ci.plugins:service-fabric

Affected versions: 0 (last affected: 1.6)

Related CVEs

CVE-2025-24402

Key Information

GHSA ID

GHSA-wh3h-j8wp-6p42

Published

January 22, 2025 6:31 PM

Last Modified

January 22, 2025 7:31 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:service-fabric

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.