Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery
Discription

Jenkins Assembla Auth Plugin 1.14 and earlier does not implement a state parameter in its OAuth flow, a unique and non-guessable value associated with each authentication request.

This vulnerability allows attackers to trick users into logging in to the attacker’s account.Read More

Back to Main

Subscribe for the latest news: