Cross-Site Request Forgery Vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and Earlier

Cross-Site Request Forgery Vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and Earlier

CVE-2019-10310 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins

Learn more about our Web Application Penetration Testing UK.