Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Filtered by product Poll Scm
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1000093 1 Jenkins 1 Poll Scm 2024-02-28 6.8 MEDIUM 8.8 HIGH
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission.