GHSA-8r93-59cf-358f

Suggest an improvement
Source
https://github.com/advisories/GHSA-8r93-59cf-358f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-8r93-59cf-358f/GHSA-8r93-59cf-358f.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-8r93-59cf-358f
Aliases
  • CVE-2024-23902
Published
2024-01-24T18:31:02Z
Modified
2024-01-31T21:52:02.654740Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
Summary
CSRF vulnerability in Jenkins GitLab Branch Source Plugin
Details

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier does not require POST requests for a form validation endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to connect to an attacker-specified URL.

GitLab Branch Source Plugin 688.v5fa_356ee8520 requires POST requests for the affected form validation endpoint.

Database specific
{
    "nvd_published_at": "2024-01-24T18:15:09Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-24T21:50:26Z"
}
References

Affected packages

Maven / io.jenkins.plugins:gitlab-branch-source

Package

Name
io.jenkins.plugins:gitlab-branch-source
View open source insights on deps.dev
Purl
pkg:maven/io.jenkins.plugins/gitlab-branch-source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
688.v5fa

Affected versions

0.*

0.0.5-alpha-2
0.0.7-beta
0.0.8-beta

1.*

1.0.0
1.1.0
1.1.1-alpha
1.1.2-alpha
1.2.0
1.2.1
1.2.2
1.3.0
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9

621.*

621.vd49608f876da_

623.*

623.vcc98dc4b_0ce4

625.*

625.v85cf3a_400cfe

628.*

628.ve99e3d4df4b_8

629.*

629.vb_cc76608e806

630.*

630.v04ca_c57fa_880

633.*

633.ved9984f943da_

636.*

636.v55fd8144d335

640.*

640.v7101b_1c0def9

642.*

642.v9ed86b_b_54384

643.*

643.vdc12a_4a_06434

644.*

644.va_a_66886e07b_5

645.*

645.v62a_b_6fce8659

646.*

646.vb_9560d64b_69f

647.*

647.vdee7766b_cfa_e

649.*

649.v0dda_db_88b_5ee

650.*

650.va_d1ce6d01959

659.*

659.va_685a_51fda_db_

660.*

660.vd45c0f4c0042

663.*

663.v2602c3e6376d

664.*

664.v877fdc293c89

670.*

670.vf7df45517001

671.*

671.v67b_7169092ca_

672.*

672.vd8b_0b_b_a_db_1b_3

677.*

677.v0b_63b_038322b_

679.*

679.v1dfd3604d46e

680.*

680.vc179a_1a_37915

684.*

684.vea_fa_7c1e2fe3