[MAVEN:GHSA-4V5C-5V6C-37PJ] Jenkins Matrix Reloaded Plugin vulnerable to CSRF

Severity Moderate

Affected Packages 1

CVEs 1

Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to rebuild previous matrix builds.

Package	Affected Version
pkg:maven/net.praqma/matrix-reloaded	<= 1.1.3

ID

MAVEN:GHSA-4V5C-5V6C-37PJ

Severity

moderate

URL

https://github.com/advisories/GHSA-4v5c-5v6c-37pj

Published

2022-07-01T00:01:07
(2 years ago)

Modified

2023-02-02T05:02:54
(19 months ago)

Rights

Maven Security Team

Other Advisories

JENKINS:SECURITY-2016

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2022-34789
			https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2016
			https://github.com/advisories/GHSA-4v5c-5v6c-37pj

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/net.praqma/matrix-reloaded	net.praqma	matrix-reloaded	<= 1.1.3

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date