CVE-2019-16550: Cross-Site Request Forgery (CSRF)

May 24, 2022 (updated December 14, 2023)

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.

References

www.openwall.com/lists/oss-security/2019/12/17/1
github.com/advisories/GHSA-g2x8-xw86-vpq3
github.com/jenkinsci/m2release-plugin/commit/1e4d6fee2eab16e7a396b6d3d5f10a87e5c29cc2
jenkins.io/security/advisory/2019-12-17/
nvd.nist.gov/vuln/detail/CVE-2019-16550

Detect and mitigate CVE-2019-16550 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →