CVE-2017-2613: Cross-Site Request Forgery (CSRF)

May 15, 2018 (updated October 9, 2019)

Jenkins is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators’ web browsers could be manipulated to create user records.

References

www.securityfocus.com/bid/95967
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613
jenkins.io/security/advisory/2017-02-01/
nvd.nist.gov/vuln/detail/CVE-2017-2613

Detect and mitigate CVE-2017-2613 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →