CVE-2023-35141
CVSS v3.1: 8 (High)
EPSS: 0.11 % (45th)
Affected Products: 1
Advisories: 3
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.
Weaknesses
- CWE-352: Cross-Site Request Forgery (CSRF)
- CVE Status: PUBLISHED
- CNA: Jenkins Project
- Published Date: 2023-06-14 13:15:11 (15 months ago)
- Updated Date: 2023-06-23 19:36:43 (15 months ago)