Cross-Site Request Forgery Vulnerability in Role-based Authorization Strategy Plugin

Cross-Site Request Forgery Vulnerability in Role-based Authorization Strategy Plugin

CVE-2017-1000090 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.

Learn more about our Api Penetration Testing.