Description
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-5205 | Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. |
Github GHSA |
GHSA-rp4x-xpgf-4xv7 | Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection |
References
History
No history.
Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2024-08-04T07:01:41.041Z
Reserved: 2019-12-05T00:00:00.000Z
Link: CVE-2020-2196
No data.
Status : Modified
Published: 2020-06-03T13:15:11.007
Modified: 2026-06-17T03:11:58.133
Link: CVE-2020-2196
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-352
Cross-Site Request Forgery (CSRF)
EUVD
Github GHSA