Vulnerability Details CVE-2023-37957
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.1%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-37957
-
cpe:2.3:a:jenkins:pipeline_restful_api:0.1
-
cpe:2.3:a:jenkins:pipeline_restful_api:0.10
-
cpe:2.3:a:jenkins:pipeline_restful_api:0.11
-
cpe:2.3:a:jenkins:pipeline_restful_api:0.2
-
cpe:2.3:a:jenkins:pipeline_restful_api:0.3
-
cpe:2.3:a:jenkins:pipeline_restful_api:0.4
-
cpe:2.3:a:jenkins:pipeline_restful_api:0.5
-
cpe:2.3:a:jenkins:pipeline_restful_api:0.6
-
cpe:2.3:a:jenkins:pipeline_restful_api:0.7
-
cpe:2.3:a:jenkins:pipeline_restful_api:0.8
-
cpe:2.3:a:jenkins:pipeline_restful_api:0.9