[MAVEN:GHSA-MQJ3-FC39-73FJ] Cross-site request forgery vulnerability in Jenkins Artifactory Plugin

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively.

Package	Affected Version
pkg:maven/org.jenkins-ci.plugins/artifactory	<= 3.2.2

Package	Fixed Version
pkg:maven/org.jenkins-ci.plugins/artifactory	= 3.2.3

ID

MAVEN:GHSA-MQJ3-FC39-73FJ

Severity

moderate

URL

https://github.com/advisories/GHSA-mqj3-fc39-73fj

Published

2022-05-24T22:00:03
(2 years ago)

Modified

2024-01-30T21:24:58
(7 months ago)

Rights

Maven Security Team

Other Advisories

JENKINS:SECURITY-1347

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2019-10324
			https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1347
			http://www.openwall.com/lists/oss-security/2019/05/31/2
			http://www.securityfocus.com/bid/108540
			https://github.com/jenkinsci/artifactory-plugin/commit/687cc2b4e9ad62c0bdcee4afc9e8e90c5089ee58
			https://github.com/advisories/GHSA-mqj3-fc39-73fj

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.jenkins-ci.plugins/artifactory	org.jenkins-ci.plugins	artifactory	<= 3.2.2
Fixed	pkg:maven/org.jenkins-ci.plugins/artifactory	org.jenkins-ci.plugins	artifactory	= 3.2.3

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date