Cross-site request forgery in Jenkins Gerrit Trigger Plugin
Moderate severity
GitHub Reviewed
Published
Jan 26, 2023
to the GitHub Advisory Database
•
Updated Jan 4, 2024
Package
Affected versions
< 2.38.1
Patched versions
2.38.1
Description
Published by the National Vulnerability Database
Jan 26, 2023
Published to the GitHub Advisory Database
Jan 26, 2023
Reviewed
Jan 27, 2023
Last updated
Jan 4, 2024
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.
References