Cross-site Request Forgery (CSRF) Affecting com.soasta.jenkins:cloudtest Open this link in a new tab package, versions [0,]

  • Attack Complexity


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id


  • published

    4 Jul 2019

  • disclosed

    3 Apr 2019

  • credit

    Viktor Gazdag

How to fix?

There is no fixed version for com.soasta.jenkins:cloudtest.


com.soasta.jenkins:cloudtest is a Jenkins plugin that provides the ability to easily run the MakeAppTouchTestable utility on an iOS or Android project.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). A missing permission check in a form validation method allows users with Overall/Read permission to initiate a connection test to an attacker-specified URL with attacker-specified credentials and SSH key store options. The form validation method does not require POST requests, resulting in a CSRF vulnerability.