CSRF Vulnerability in Jenkins Selenium Plugin 3.141.59 and Earlier

CVE-2020-2196 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.

Learn more about our Web Application Penetration Testing UK.