CVE-2020-2237 org.jenkins-ci.plugins:flaky-test-handler

Package

Manager: maven
Name: org.jenkins-ci.plugins:flaky-test-handler
Vulnerable Version: >=0 <1.1.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00475 (percentile 0.63848)

Details

CSRF vulnerability in Jenkins Flaky Test Handler Plugin. Flaky Test Handler Plugin 1.0.4 and earlier does not require POST requests for the "Deflake this build" feature, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to rebuild a project at a previous git revision where the tests were failing.

Metadata

Created: 2022-05-24T17:25:25Z
Modified: 2022-12-20T22:14:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vjf8-xw6c-wjhq/GHSA-vjf8-xw6c-wjhq.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-vjf8-xw6c-wjhq
Finding: F007
Auto approve: 1