CVE-2019-16550

HIGH

Jenkins Maven Release Plugin <0.16.1 - CSRF

Description

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents.

References (2)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/12/17/1

Scores

CVSS v3 8.8
EPSS 0.0012
EPSS Percentile 30.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (2)
jenkins/maven < 0.16.1
org.jenkins-ci.plugins.m2release/m2release 0 - 0.16.2 (Maven)
Published Dec 17, 2019
Tracked Since Feb 18, 2026