CVE-2025-31723: Jenkins Simple Queue Plugin Cross-Site Request Forgery (CSRF)
Jenkins Simple Queue Plugin 1.4.6 and earlier does not require POST requests for multiple HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities.
These vulnerabilities allow attackers to change and reset the build queue order.
Simple Queue Plugin 1.4.7 requires POST requests for the affected HTTP endpoints.
Administrators can enable equivalent HTTP endpoints without CSRF protection via the global configuration.
References
Code Behaviors & Features
Detect and mitigate CVE-2025-31723 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →