N/A

A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

N/A

N/A

Jenkins Team Foundation Server 跨站请求伪造漏洞

Jenkins Team Foundation Server是Jenkins开源的一个应用软件。提供了通过与管道兼容的步骤可用的功能。 Jenkins Team Foundation Server Plugin 5.157.1 and earlier 存在跨站请求伪造漏洞，攻击者可利用该漏洞指定的凭据id连接到指定的URL，捕获存储在Jenkins中的凭据。

N/A

N/A