CVE-2023-33006: CSRF
First published: Tue May 16 2023(Updated: )
A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.jenkins-ci.plugins:wso2id-oauth | <=1.0 | |
| Jenkins Wso2 Oauth | <=1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-33006?
CVE-2023-33006 is classified as a medium severity cross-site request forgery (CSRF) vulnerability.
How do I fix CVE-2023-33006?
To fix CVE-2023-33006, you should upgrade the Jenkins WSO2 OAuth Plugin to version 1.1 or later.
What are the consequences of CVE-2023-33006?
Exploitation of CVE-2023-33006 allows attackers to trick users into performing actions as if they were logged into the attacker's account.
Who is affected by CVE-2023-33006?
CVE-2023-33006 affects users of Jenkins WSO2 OAuth Plugin version 1.0 and earlier.
Is the vulnerability in CVE-2023-33006 easy to exploit?
CVE-2023-33006 can be exploited relatively easily if the attacker can trick the victim into interacting with their malicious site.
- collector/github-advisory
- alias/GHSA-7xgj-j9hp-c692
- alias/CVE-2023-33006
- collector/nvd-index
- collector/nvd-cve
- collector/github-advisory-latest
- agent/first-publish-date
- agent/softwarecombine
- agent/type
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- package-manager/maven
- vendor/jenkins
- canonical/jenkins wso2 oauth
- version/jenkins wso2 oauth/1.0