Cross-site Request Forgery (CSRF) Affecting com.soasta.jenkins:cloudtest Open this link in a new tab package, versions [0,]


0.0
medium
  • Attack Complexity

    Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-COMSOASTAJENKINS-449984

  • published

    4 Jul 2019

  • disclosed

    3 Apr 2019

  • credit

    Viktor Gazdag

How to fix?

There is no fixed version for com.soasta.jenkins:cloudtest.

Overview

com.soasta.jenkins:cloudtest is a Jenkins plugin that provides the ability to easily run the MakeAppTouchTestable utility on an iOS or Android project.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). A missing permission check in a form validation method allows users with Overall/Read permission to initiate a connection test to an attacker-specified URL with attacker-specified credentials and SSH key store options. The form validation method does not require POST requests, resulting in a CSRF vulnerability.