A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2019-03-28T17:59:29
Updated: 2024-08-05T03:07:17.889Z
Reserved: 2019-03-28T00:00:00
Link: CVE-2019-1003044
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-28T18:29:00.420
Modified: 2024-11-21T04:17:48.033
Link: CVE-2019-1003044
Redhat
No data.