logo

Database

Cross-site request forgery In org.jenkins-ci.plugins:junit

Description

Jenkins JUnit Plugin CSRF vulnerability A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-10004112. NVD-2018-10004113. OSV-2018-10004114. GCVE-2018-1000411

References

1. https://github.com/jenkinsci/junit-plugin/commit/091ee0dc8dd6023713827ce1a5914fa9fa9b60432. https://github.com/jenkinsci/junit-plugin3. https://jenkins.io/security/advisory/2018-09-25/#SECURITY-11014. https://web.archive.org/web/20200227092927/http://www.securityfocus.com/bid/106532

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.