CVE-2023-37957

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 12, 2023

Updated: Jul 20, 2023

CWE ID 352

Summary

CVE-2023-37957 is a cross-site request forgery (CSRF) vulnerability affecting the Jenkins Pipeline restFul API Plugin version 0.11 and earlier. An attacker can exploit this flaw to force a Jenkins user into making unintended requests, resulting in the generation of a new JCLI token which the attacker can then capture and misuse. This can lead to unauthorized access to Jenkins pipeline operations and potential data breaches. Users are advised to update to the latest plugin version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r94wWH
https://www.cve.org/CVERecord?id=CVE-2023-37957
https://nvd.nist.gov/vuln/detail/CVE-2023-37957

Back to Vulnerability Database

CVE-2023-37957

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations