[MAVEN:GHSA-X263-HP5C-P2RJ] Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery
Severity: Moderate
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
OctoPerf Load Testing Plugin 4.5.2 and earlier does not perform permission checks in several HTTP endpoints.
This allows attackers with Overall/Read permission to connect to a previously configured OctoPerf server using attacker-specified credentials.
Additionally, these endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.
OctoPerf Load Testing Plugin 4.5.3 requires POST requests and the appropriate permissions for the affected HTTP endpoints.
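The following is an added illustration of the two controls the 4.5.3 fix names (POST-only endpoints and an explicit permission check), written as a hypothetical Jenkins global-configuration endpoint; it is not the OctoPerf plugin's own code, and `ServerClient`, `OctoPerfConfigBefore`, `OctoPerfConfigAfter` and `doTestConnection` are assumed names.

```java
import hudson.Extension;
import hudson.util.FormValidation;
import hudson.util.Secret;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

// Hypothetical client; stands in for whatever the plugin uses to log in to the server.
interface ServerClient {
    boolean login(String username, String password) throws java.io.IOException;
}

// BEFORE (the shape the advisory describes): no @RequirePOST, so Stapler serves the
// endpoint on GET, and no permission check, so any Overall/Read user (or a cross-site
// page acting on their behalf) can trigger a login with caller-supplied credentials.
class OctoPerfConfigBefore extends GlobalConfiguration {
    ServerClient client;

    public FormValidation doTestConnection(@QueryParameter String username,
                                           @QueryParameter String password) {
        try {
            return client.login(username, password)
                    ? FormValidation.ok("Connected") : FormValidation.error("Login failed");
        } catch (java.io.IOException e) {
            return FormValidation.error(e, "Connection error");
        }
    }
}

// AFTER (what 4.5.3 does): POST only, so a cross-site GET no longer reaches the endpoint
// and Jenkins' CSRF crumb check applies; permission is checked before any work is done.
@Extension
public class OctoPerfConfigAfter extends GlobalConfiguration {
    ServerClient client;

    @RequirePOST
    public FormValidation doTestConnection(@QueryParameter String username,
                                           @QueryParameter Secret password) {
        // Throws AccessDeniedException for callers without Overall/Administer.
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        try {
            return client.login(username, Secret.toString(password))
                    ? FormValidation.ok("Connected") : FormValidation.error("Login failed");
        } catch (java.io.IOException e) {
            return FormValidation.error(e, "Connection error");
        }
    }
}
```

With the hardened form, a GET to the endpoint is refused outright and a POST without a valid crumb and the required permission is rejected before any connection attempt is made.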

Package | Affected Version
---|---
pkg:maven/org.jenkinsci.plugins/octoperf | < 4.5.3

Package | Fixed Version
---|---
pkg:maven/org.jenkinsci.plugins/octoperf | = 4.5.3

- ID: MAVEN:GHSA-X263-HP5C-P2RJ
- Severity: moderate
- URL: https://github.com/advisories/GHSA-x263-hp5c-p2rj
- Published: 2023-04-02T21:30:17
- Modified: 2023-04-10T16:25:33
- Rights: Maven Security Team