CVE-2017-2613: Cross-Site Request Forgery (CSRF)
Jenkins is vulnerable to a cross-site request forgery (CSRF) in user creation: a GET request sent with an administrator's session could create a user record. Although such a record was in most cases retained only until restart, administrators' web browsers could be manipulated into creating user records.
Detect and mitigate CVE-2017-2613 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.