CVE-2021-21629 – org.jenkins-ci.plugins:build-with-parameters
Package
Manager: maven
Name: org.jenkins-ci.plugins:build-with-parameters
Vulnerable Version: >=0 <1.5.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00074 (percentile: 0.23033)
Details
CSRF vulnerability in Jenkins Build With Parameters Plugin
Jenkins Build With Parameters Plugin 1.5 and earlier does not require POST requests for its form submission endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to build a project with attacker-specified parameters. Build With Parameters Plugin 1.5.1 requires POST requests for the affected HTTP endpoint.
Metadata
Created: 2022-05-24T17:45:44Z
Modified: 2023-10-27T14:04:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w24g-24qg-v4w2/GHSA-w24g-24qg-v4w2.json
CWE IDs: CWE-352
Alternative ID: GHSA-w24g-24qg-v4w2
Finding: F007
Auto approve: 1