Jenkins, the open-source automation server widely used for CI/CD, has published a security advisory with patches for high- and moderate-severity vulnerabilities in multiple plugins.
Three of the affected plugins, Folders, Flaky Test Handler, and Shortcut Job, carry serious cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities that the patches fix.
The first, tracked as CVE-2023-40336, affects the Folders plugin in versions 6.846.v23698686f0f6 and earlier, which did not require POST requests for a state-changing HTTP endpoint. Jenkins's crumb-based CSRF protection is only enforced on POST requests, so an endpoint that also accepts GET can be triggered by any web page a logged-in user happens to visit. Administrators should update the plugin to the fixed release named in the advisory.
Jenkins explains in an advisory that “this vulnerability allows attackers to copy an item, which could potentially automatically approve unsandboxed scripts and allow the execution of unsafe scripts.”
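To make the bug class concrete, the following is an added toy model (not Jenkins or Folders-plugin code) of a Stapler-style web method that copies an item. It shows why a state-changing endpoint that accepts GET is exploitable even with Jenkins's crumb protection switched on, and what the hardened behaviour looks like; in a real plugin the usual fix is annotating the web method with Stapler's `@RequirePOST`. The endpoint path `/copyItem`, its query parameters, the item names and the crumb value are all constructed for this example.

```python
"""Added illustration of the bug class in the advisory: a state-changing
Jenkins-style endpoint that does not require POST, and why crumb-based CSRF
protection does not save it. Toy model, not Jenkins or Folders-plugin code.
Assumptions: the endpoint path /copyItem, its query parameters, the item names
and the crumb value are all constructed for this example."""
import secrets
from urllib.parse import parse_qs, urlsplit

CRUMB_HEADER = "Jenkins-Crumb"         # Jenkins's default crumb header name
SESSION_CRUMB = secrets.token_hex(16)  # constructed secret issued to the logged-in user


class ItemStore:
    """Stand-in for the Jenkins item tree; copy_item is the state change we care about."""

    def __init__(self):
        self.items = {"deploy-prod"}
        self.copies = []

    def copy_item(self, src, dst):
        if src not in self.items or not dst:
            return False
        self.items.add(dst)
        self.copies.append((src, dst))
        return True


def crumb_filter(method, headers):
    """Models Jenkins's CSRF crumb filter: it validates crumbs on POST only.
    Non-POST requests pass through untouched, which is the whole problem."""
    if method != "POST":
        return True
    return headers.get(CRUMB_HEADER) == SESSION_CRUMB


def dispatch(store, method, url, headers, require_post):
    """Models Stapler routing a request to a web method, after the crumb filter.
    require_post=False -> the vulnerable endpoint (any verb performs the copy)
    require_post=True  -> the hardened endpoint (@RequirePOST-style: GET gets 405)
    Returns an HTTP status code."""
    parts = urlsplit(url)
    if parts.path != "/copyItem":
        return 404
    if not crumb_filter(method, headers):
        return 403
    if require_post and method != "POST":
        return 405
    qs = parse_qs(parts.query)
    src = qs.get("from", [""])[0]
    dst = qs.get("name", [""])[0]
    return 200 if store.copy_item(src, dst) else 400


def simulate_csrf(require_post):
    """A victim who is logged in to Jenkins loads an attacker page containing
    <img src="https://jenkins.example/copyItem?from=deploy-prod&name=evil">.
    The browser sends a GET with the victim's session cookie and no crumb
    header (the attacker cannot read the crumb cross-origin).
    Returns (status, copy_happened)."""
    store = ItemStore()
    forged_url = "/copyItem?from=deploy-prod&name=evil"
    status = dispatch(store, "GET", forged_url, headers={}, require_post=require_post)
    return status, ("deploy-prod", "evil") in store.copies


def legitimate_copy(require_post):
    """The real UI: a POST carrying the crumb Jenkins handed to this session."""
    store = ItemStore()
    status = dispatch(store, "POST", "/copyItem?from=deploy-prod&name=deploy-staging",
                      headers={CRUMB_HEADER: SESSION_CRUMB}, require_post=require_post)
    return status, ("deploy-prod", "deploy-staging") in store.copies


def forged_post(require_post):
    """A cross-site POST without the crumb: blocked by the filter either way."""
    store = ItemStore()
    status = dispatch(store, "POST", "/copyItem?from=deploy-prod&name=evil",
                      headers={}, require_post=require_post)
    return status, ("deploy-prod", "evil") in store.copies


if __name__ == "__main__":
    print("vulnerable, forged GET :", simulate_csrf(False))   # (200, True)
    print("hardened,   forged GET :", simulate_csrf(True))    # (405, False)
    print("hardened,   real POST  :", legitimate_copy(True))  # (200, True)
    print("either,     forged POST:", forged_post(False))     # (403, False)
```

The point the model makes is that crumb checking is not a substitute for requiring POST: the forged POST is rejected on both variants, but the forged GET only fails on the hardened one. A quick sanity check on a patched instance is to load a state-changing endpoint in the browser address bar; a correctly hardened web method answers 405 rather than performing the action.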