CVE-2020-2196: Cross-Site Request Forgery (CSRF)

June 3, 2020

Jenkins Selenium Plugin has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.

References

jenkins.io/security/advisory/2020-06-03/
nvd.nist.gov/vuln/detail/CVE-2020-2196

Detect and mitigate CVE-2020-2196 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →