CVE-2020-2196: Cross-Site Request Forgery (CSRF)

May 24, 2022 (updated December 20, 2022)

Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.

References

www.openwall.com/lists/oss-security/2020/06/03/3
www.openwall.com/lists/oss-security/2022/04/14/2
github.com/advisories/GHSA-rp4x-xpgf-4xv7
jenkins.io/security/advisory/2020-06-03/
nvd.nist.gov/vuln/detail/CVE-2020-2196

Code Behaviors & Features

Detect and mitigate CVE-2020-2196 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →