CVE-2023-40351

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 16, 2023
Updated: Aug 22, 2023
CWE ID 352

Summary

CVE-2023-40351 is a newly disclosed cross-site request forgery (CSRF) vulnerability affecting the Jenkins Favorite View Plugin version 5.v77a_37f62782d and prior. This issue permits attackers to manipulate another user's favorite views tab bar by executing malicious requests. As a result, users can unwittingly add or remove favorite views, potentially disrupting their workflows or compromising critical configurations. This vulnerability underscores the importance of keeping Jenkins plugins updated to mitigate potential security risks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share