A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors Products
Jenkins
  • Assembla

Configuration 1 [-]

cpe:2.3:a:jenkins:assembla:*:*:*:*:*:jenkins:*:*
References
Link Resource
http://www.openwall.com/lists/oss-security/2023/07/12/2 Mailing List Third Party Advisory
https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2988 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: jenkins

Published: 2023-07-12T15:52:59.990Z

Updated: 2023-10-24T12:51:06.586Z

Reserved: 2023-07-11T09:47:04.496Z

Link: CVE-2023-37961

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-07-12T16:15:13.990

Modified: 2023-07-20T02:15:58.907

Link: CVE-2023-37961

JSON object: View

cve-icon Redhat Information

No data.

CWE