CVE-2019-1003017

MEDIUM5.3EPSS 0.08%

Jenkins Job Import Plugin CSRF vulnerability

Published: 5/13/2022Modified: 2/16/2024

Description

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.

Affected packages (1)

Maven/org.jenkins-ci.plugins:job-import-pluginfrom 0, < 3.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-1003017
PATCHhttps://github.com/jenkinsci/job-import-plugin
WEBhttps://github.com/jenkinsci/job-import-plugin/commit/8f826a684ba0969697d2a92a6f448aef8f03b66c
WEBhttps://jenkins.io/security/advisory/2019-01-28/#SECURITY-1302