CSRF Vulnerability in Jenkins HTMLResource Plugin Allows Arbitrary File Deletion

CVE-2023-50774 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system.
