GHSA-g6rx-2w84-xmgj, CVE-2023-41946
maven/io.jenkins.plugins/frugal-testing
Cross-Site Request Forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.
All versions up to 1.1
Unfortunately, there is no solution available yet.
2024-01-31
source |