GHSA-mqj3-fc39-73fj, CVE-2019-10324
maven/org.jenkins-ci.plugins/artifactory
Cross-Site Request Forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively.
All versions up to 3.2.2
Upgrade to version 3.2.3 or above.
2024-01-31
source |