CVE-2023-24423

Cross-Site Request Forgery (CSRF) in maven/com.sonyericsson.hudson.plugins.gerrit/gerrit-trigger

Identifiers

CVE-2023-24423, GHSA-95jq-24cr-pgrq

Package Slug

maven/com.sonyericsson.hudson.plugins.gerrit/gerrit-trigger

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.

Affected Versions

All versions before 2.38.1

Solution

Upgrade to version 2.38.1 or above.

Last Modified

2023-01-27
