CVE-2017-1000090

Description

Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.

Risk Information

Base Score

8.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.062

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2017-1000090 are fixed in Jenkins - role-strategy 2.5.1	Windows
Vulnerabilities CVE-2017-1000090 are fixed in Jenkins - role-strategy for Linux 2.5.1	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234