N/A

A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

N/A

N/A

Jenkins Kubernetes Continuous Deploy 插件跨站请求伪造漏洞

Jenkins和Jenkins Plugin都是Jenkins开源的产品。Jenkins是一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建，部署和自动化任何项目。Jenkins Plugin是一个应用软件。 Jenkins Kubernetes Continuous Deploy 插件2.3.1及其之前版本存在跨站请求伪造漏洞，该漏洞源于插件缺少对于跨站请求伪造token的验证。攻击者使用特殊的凭据利用该漏洞连接到指定的SSH服务器，捕获存储在Jenkins中的凭据。

N/A

N/A