CVE-2023-40351: CSRF
First published: Wed Aug 16 2023(Updated: )
A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Favorite View | <=5.v77a_37f62782d |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this CSRF vulnerability?
The vulnerability ID for this CSRF vulnerability is CVE-2023-40351.
What is the severity rating of CVE-2023-40351?
CVE-2023-40351 has a severity rating of 4.3, which is considered medium.
How does the CSRF vulnerability in Jenkins Favorite View Plugin occur?
The CSRF vulnerability in Jenkins Favorite View Plugin occurs because it does not require POST requests for an HTTP endpoint.
What can an attacker do through this CSRF vulnerability?
Through this CSRF vulnerability, attackers can add or remove views from another user's favorite views tab bar.
Are there any available fixes for CVE-2023-40351?
Yes, there are available fixes for CVE-2023-40351. It is recommended to refer to the official Jenkins security advisory for details on the fix.
- collector/nvd-api
- collector/github-advisory
- alias/GHSA-jrj6-qx48-3cpq
- alias/CVE-2023-40351
- collector/nvd-index
- collector/nvd-cve
- collector/github-advisory-latest
- agent/type
- agent/first-publish-date
- agent/references
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- vendor/jenkins
- canonical/jenkins favorite view
- version/jenkins favorite view/5.v77a_37f62782d
- package-manager/maven