CVE-2023-35141

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

Source: CVE-2023-35141

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다