Home

CVE-2019-16550

Description

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.122

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-16549,CVE-2019-16550 are fixed in Jenkins - m2release 0.16.2Windows
Vulnerabilities CVE-2019-16549,CVE-2019-16550 are fixed in Jenkins - m2release for Linux 0.16.2Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234