CSRF in Jenkins Benchmark Evaluator Plugin 1.0.1 exposes FS via attacker URL
CVE-2023-37962 Published on July 12, 2023

A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.

Vendor Advisory NVD

Products Associated with CVE-2023-37962

Want to know whenever a new CVE is published for Jenkins Benchmark Evaluator? stack.watch will email you.

Jenkins Benchmark Evaluator

Affected Versions

Jenkins Project Jenkins Benchmark Evaluator Plugin:

Before and including 1.0.1 is affected.

Exploit Probability

EPSS

0.18%

Percentile

39.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CSRF in Jenkins Benchmark Evaluator Plugin 1.0.1 exposes FS via attacker URLCVE-2023-37962 Published on July 12, 2023

Products Associated with CVE-2023-37962

Affected Versions

Exploit Probability

CSRF in Jenkins Benchmark Evaluator Plugin 1.0.1 exposes FS via attacker URL
CVE-2023-37962 Published on July 12, 2023