Cross-Site Request Forgery Vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and Earlier
CVE-2019-10310 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins
Learn more about our Web Application Penetration Testing UK.