vulnerability

Jenkins Advisory 2023-06-14: CVE-2023-35141: CSRF protection bypass vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:S/C:C/I:C/A:C)	Jun 15, 2023	Jun 15, 2023	Mar 27, 2026

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:C/A:C)

Published

Jun 15, 2023

Added

Jun 15, 2023

Modified

Mar 27, 2026

Description

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

Solutions

jenkins-lts-upgrade-2_401_1jenkins-upgrade-2_400

References

CVE-2023-35141
https://attackerkb.com/topics/CVE-2023-35141
CWE-352
EUVD-EUVD-2023-1762
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-1762
https://jenkins.io/security/advisory/2023-06-14/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today