CVE-2023-39153

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jul 26, 2023

Updated: Jul 31, 2023

CWE ID 352

Summary

CVE-2023-39153 is a cross-site request forgery (CSRF) vulnerability affecting the Jenkins GitLab Authentication Plugin version 1.17.1 and earlier. This issue permits attackers to manipulate users into logging into their own malicious accounts, potentially resulting in unauthorized access to Jenkins instances. Successful exploitation relies on users unsuspectingly clicking on a maliciously crafted link, making it crucial for users to apply the available patch or upgrade their plugin to a secure version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sHGd7M
https://www.cve.org/CVERecord?id=CVE-2023-39153
https://nvd.nist.gov/vuln/detail/CVE-2023-39153

Back to Vulnerability Database

CVE-2023-39153

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations