Jenkins Frugal Testing Plugin 1.1 CSRF allows credential hijack
CVE-2023-41946 Published on September 6, 2023

A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.

Vendor Advisory NVD

Products Associated with CVE-2023-41946

Want to know whenever a new CVE is published for Jenkins Frugal Testing? stack.watch will email you.

Jenkins Frugal Testing

Affected Versions

Jenkins Project Jenkins Frugal Testing Plugin:

Before and including 1.1 is affected.

Exploit Probability

EPSS

0.07%

Percentile

20.95%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins Frugal Testing Plugin 1.1 CSRF allows credential hijackCVE-2023-41946 Published on September 6, 2023

Products Associated with CVE-2023-41946

Affected Versions

Exploit Probability

Jenkins Frugal Testing Plugin 1.1 CSRF allows credential hijack
CVE-2023-41946 Published on September 6, 2023