CSRF Vulnerability in Jenkins Translation Assistance Plugin Allows Unauthorized String Overrides

CSRF Vulnerability in Jenkins Translation Assistance Plugin Allows Unauthorized String Overrides

CVE-2018-1000014 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.

Learn more about our User Device Pen Test.