CVE-2023-35141

CVSS v3.1 8 (High)

EPSS 0.11 % (45^th)

Affected Products 1

Advisories 3

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

Weaknesses

CWE-352: Cross-Site Request Forgery (CSRF)

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2023-06-14 13:15:11
(15 months ago)
Updated Date: 2023-06-23 19:36:43
(15 months ago)

Affected Products

Jenkins

Jenkins

Configuration #1

		CPE23	From	Up To
	Jenkins prior 2.400 version	cpe:2.3:a:jenkins:jenkins::::*:-		< 2.400
	Jenkins prior 2.401.1 version	cpe:2.3:a:jenkins:jenkins::::*:lts		< 2.401.1