Description
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-3165 | A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration. |
Github GHSA |
GHSA-8crr-xf35-5f5p | Jenkins Job Import Plugin CSRF vulnerability |
References
History
No history.
Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2024-09-17T02:26:18.483Z
Reserved: 2019-02-06T00:00:00.000Z
Link: CVE-2019-1003017
No data.
Status : Modified
Published: 2019-02-06T16:29:00.843
Modified: 2026-06-17T02:09:32.910
Link: CVE-2019-1003017
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-352
Cross-Site Request Forgery (CSRF)
EUVD
Github GHSA