Cross-Site Request Forgery Vulnerability in Jenkins Config File Provider Plugin

Cross-Site Request Forgery Vulnerability in Jenkins Config File Provider Plugin

CVE-2018-1000414 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:P

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions.

Learn more about our Web Application Penetration Testing UK.