Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CloudBees Poll SCM插件跨站请求伪造漏洞
Vulnerability Description
CloudBees Poll SCM Plugin是美国CloudBees公司的Jenkins(基于Java开发的持续集成工具)中的一个定时执行插件。 CloudBees Poll SCM插件存在跨站请求伪造漏洞,该漏洞源于程序没有要求使用POST请求来向API发送请求。远程攻击者可利用该漏洞轮询项目。
CVSS Information
N/A
Vulnerability Type
N/A