CVE-2020-2241: CSRF Vulnerability in Jenkins Database Plugin 1.6
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.
A Cross-Site Request Forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to make the Jenkins server connect to an attacker-specified database server using attacker-specified credentials. The affected code is a form validation method that opens a connection to the database server named in the request, using the username and password supplied in the same request. Because this method accepts plain GET requests instead of requiring POST, it is not covered by Jenkins' CSRF protection (the crumb check only applies to POST requests): any web page visited by a logged-in Jenkins user can make that user's browser trigger the endpoint with the user's session cookie attached. The connection originates from the Jenkins host, so it can also reach database servers on internal networks that the attacker cannot reach directly.
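The following is an added illustration of the code pattern behind this class of Jenkins bug; it is not code from the database plugin or from Virsec. It shows a Stapler-bound form validation method that does real work (a JDBC connection) on request-supplied input while being reachable by GET and unguarded by a permission check, next to the hardened form of the same method following Jenkins' documented guidance for form validation. The class and method names, the package, and the `Jenkins.ADMINISTER` permission choice are assumptions for the example; a real plugin would place these methods on its `Descriptor` and check the permission that governs configuring the connection.

```java
// Added example, not the Jenkins database plugin's own code.
// Demonstrates a GET-reachable, unchecked form validation method (the class of
// bug described above) and its hardened counterpart.
package example; // hypothetical package

import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

// Hypothetical web-bound object; in a real plugin these methods live on a Descriptor.
public class ExampleDatabaseValidation {

    // VULNERABLE PATTERN.
    // Stapler routes /.../testConnectionUnsafe?url=...&username=...&password=...
    // to this method on any HTTP method, including GET. Nothing checks who the
    // caller is. A cross-site page can embed an <img> or link pointing here; the
    // victim's browser attaches the Jenkins session cookie and the Jenkins host
    // opens a JDBC connection to the attacker's server with attacker-chosen
    // credentials.
    public FormValidation doTestConnectionUnsafe(@QueryParameter String url,
                                                 @QueryParameter String username,
                                                 @QueryParameter String password) {
        return tryConnect(url, username, password);
    }

    // HARDENED PATTERN.
    //  - @POST makes Stapler reject non-POST requests, so the request must carry
    //    Jenkins' CSRF crumb, which a cross-site page cannot obtain.
    //    (@RequirePOST from org.kohsuke.stapler.interceptor is the older equivalent.)
    //  - checkPermission(...) limits the endpoint to users who could already
    //    configure the database connection; it throws AccessDeniedException
    //    otherwise. ADMINISTER is an assumption here; use the permission that
    //    actually governs the configuration page the form belongs to.
    @POST
    public FormValidation doTestConnection(@QueryParameter String url,
                                           @QueryParameter String username,
                                           @QueryParameter String password) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return tryConnect(url, username, password);
    }

    // Shared connection test. Still side-effecting (opens a socket to whatever
    // host the JDBC URL names), which is exactly why the caller must be gated.
    private static FormValidation tryConnect(String url, String username, String password) {
        try (Connection c = DriverManager.getConnection(url, username, password)) {
            return c.isValid(5)
                    ? FormValidation.ok("Connection succeeded")
                    : FormValidation.error("Connection opened but is not valid");
        } catch (SQLException e) {
            return FormValidation.error(e, "Connection failed");
        }
    }
}
```

When auditing a plugin for this bug class, grep for `do*` methods taking `@QueryParameter` arguments that perform network, filesystem or credential operations, and confirm each one carries both a POST restriction and a permission check; either one alone is insufficient, since a POST-only method without a permission check is still callable by any authenticated user who can obtain a crumb, and a permission-checked method reachable by GET is still forgeable against an administrator's browser.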
The CVSS Base score of this vulnerability is 8.8 (High).
Affected versions: Jenkins database Plugin 1.6 and prior.
Jenkins is an open source automation server that automates building, testing, and deploying software in CI/CD pipelines. It integrates with project management software (JIRA), issue trackers (Bugzilla), static analysis tools (Veracode), license compliance tools (Black Duck), build tools (Ant, Maven) and version control systems (Subversion, Git). Millions of Jenkins instances are in use worldwide. No public exploit code for this vulnerability is available. A patch for this vulnerability exists.
Virsec Security Platform (VSP) Support
Virsec's VSP-Web capability can detect such a CSRF attack and prevent it from being exploited.