CSRF Vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and Earlier Allows Unauthorized Access

CVE-2023-28674 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.
