CVE-2023-3414

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jul 26, 2023

Updated: Aug 1, 2023

CWE ID 770

Summary

CVE-2023-3414 is a cross-site request forgery (CSRF) vulnerability affecting versions of the Jenkins Plug-in for ServiceNow DevOps below 1.38.1. Successful exploitation of this issue could lead to the unintended disclosure of sensitive information. To mitigate this risk, it's recommended to update the Jenkins plug-in to version 1.38.1 on your server. No modifications are necessary for instances of the Now Platform.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Software Foundation Struts
Apache Struts
Apache Struts 2.2

Affected Vendors

Apache Software Foundation
Apache Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rn6Zo-
https://www.cve.org/CVERecord?id=CVE-2023-3414
https://nvd.nist.gov/vuln/detail/CVE-2023-3414

Back to Vulnerability Database