CSRF vulnerability in Jenkins Libvirt Agents Plugin
High severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Dec 22, 2023
Package
Affected versions
<= 1.9.0
Patched versions
1.9.1
Description
Published by the National Vulnerability Database
Mar 18, 2021
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Dec 14, 2022
Last updated
Dec 22, 2023
Credits
-
NotMyFault Analyst
Jenkins Libvirt Agents Plugin 1.9.0 and earlier does not require POST requests for a form submission endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to stop hypervisor domains.
Jenkins Libvirt Agents Plugin 1.9.1 requires POST requests for the affected HTTP endpoint.
References