04 Oct 2017
CVE-2017-1000090 - CVE Vulnerability
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins. (CVSS:0.0) (Last Update:2017-10-04)
Vulnerability Details : Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins. Publish Date : 2017-10-04 Last Update Date : 2017-10-04 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2017-1000090
- References For CVE-2017-1000090
| ||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2017-1000090There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |