CVE-2019-16550

HIGH8.8EPSS 0.12%

Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin

Published: 5/24/2022Modified: 2/16/2024

Description

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.

Affected packages (1)

Maven/org.jenkins-ci.plugins.m2release:m2releasefrom 0, < 0.16.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-16550
PATCHhttps://github.com/jenkinsci/m2release-plugin
WEBhttps://github.com/jenkinsci/m2release-plugin/commit/1e4d6fee2eab16e7a396b6d3d5f10a87e5c29cc2
WEBhttps://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681
WEBhttp://www.openwall.com/lists/oss-security/2019/12/17/1