Allele Security Alert
ASA-2019-00611
Identifier(s)
ASA-2019-00611, CVE-2019-10471, SECURITY-1014 (1)
Title
Cross-Site Request Forgery (CSRF)
Vendor(s)
Philipp Bartsch
Marco Mornati
Nigel Magnay
Product(s)
Jenkins Libvirt Slaves Plugin
Affected version(s)
Jenkins Libvirt Slaves Plugin versions up to and including 1.8.5
Fixed version(s)
Unknown
Proof of concept
Unknown
Description
The form validation method does not require POST requests, resulting in a Cross-Site Request Forgery (CSRF) vulnerability.
Technical details
Unknown
Credits
Oleg Nenashev (CloudBees, Inc)
Reference(s)
Jenkins Security Advisory 2019-10-23
https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1014 (1)
Jenkins security advisory
https://groups.google.com/d/msg/jenkinsci-advisories/KCv6eDsiV3Y/GNr0aDC3AQAJ
oss-security – Multiple vulnerabilities in Jenkins plugins
https://www.openwall.com/lists/oss-security/2019/10/23/2
Jenkins Plugins
https://plugins.jenkins.io/libvirt-slave
CVE-2019-10471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10471
CVE-2019-10471
https://nvd.nist.gov/vuln/detail/CVE-2019-10471
If there is any error in this alert or you would like a comprehensive analysis, let us know.
Last modified: December 6, 2019