CVE-2019-10310: Cross-Site Request Forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier, in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method, allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
References
- www.openwall.com/lists/oss-security/2019/04/30/5
- github.com/advisories/GHSA-vrvm-459q-j824
- nvd.nist.gov/vuln/detail/CVE-2019-10310
- web.archive.org/web/20200227073756/http://www.securityfocus.com/bid/108159
- www.jenkins.io/security/advisory/2019-04-30/
- www.talosintelligence.com/vulnerability_reports/TALOS-2019-0786