Back to bug 2215074
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2023-06-14 18:33:44 UTC | Blocks | | 2215113 |
| Patrick Del Bello | 2023-06-16 20:06:09 UTC | CC | | dfreiber, jburrell, rogbas, vkumar |
| Avinash Hanwate | 2023-06-21 06:28:09 UTC | Summary | TRIAGE-CVE-2023-35141 jenkins: CSRF protection bypass vulnerability | CVE-2023-35141 jenkins: CSRF protection bypass vulnerability |
| | | Alias | TRIAGE-CVE-2023-35141 | CVE-2023-35141 |
| Avinash Hanwate | 2023-06-21 06:34:43 UTC | Doc Text | | Jenkins and Jenkins LTS could allow a remote authenticated attacker to bypass security restrictions, caused by the inclusion of insufficiently escaped user-provided values in part of the URL. By persuading a victim to open a context menu, an attacker could exploit this vulnerability to send a POST request to an unexpected endpoint. |
| Avinash Hanwate | 2023-06-21 06:43:51 UTC | Doc Text | Jenkins and Jenkins LTS could allow a remote authenticated attacker to bypass security restrictions, caused by the inclusion of insufficiently escaped user-provided values in part of the URL. By persuading a victim to open a context menu, an attacker could exploit this vulnerability to send a POST request to an unexpected endpoint. | Jenkins and Jenkins LTS could allow a remote, authenticated attacker to bypass security restrictions, caused by the inclusion of insufficiently escaped user-provided values in part of the URL. By persuading a victim to open a context menu, an attacker could exploit this vulnerability to send a POST request to an unexpected endpoint. |
| RaTasha Tillery-Smith | 2023-06-21 13:50:05 UTC | Doc Text | Jenkins and Jenkins LTS could allow a remote, authenticated attacker to bypass security restrictions, caused by the inclusion of insufficiently escaped user-provided values in part of the URL. By persuading a victim to open a context menu, an attacker could exploit this vulnerability to send a POST request to an unexpected endpoint. | A flaw was found in Jenkins and Jenkins Long-Term Support (LTS), where it could allow a remote, authenticated attacker to bypass security restrictions caused by the inclusion of insufficiently escaped user-provided values in part of the URL. An attacker can send a POST request to an unexpected endpoint by persuading a victim to open a context menu. |
| Red Hat Bugzilla | 2023-07-07 08:29:37 UTC | Assignee | security-response-team | nobody |