CVE-2019-10324

Cross-Site Request Forgery (CSRF) in maven/org.jenkins-ci.plugins/artifactory

Identifiers

GHSA-mqj3-fc39-73fj, CVE-2019-10324

Package Slug

maven/org.jenkins-ci.plugins/artifactory

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively.

Affected Versions

All versions up to 3.2.2

Solution

Upgrade to version 3.2.3 or above.

Last Modified

2024-01-31
