Cross-site Request Forgery (CSRF) Affecting com.soasta.jenkins:cloudtest Open this link in a new tab package, versions [0,]
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
4 Jul 2019
3 Apr 2019
How to fix?
There is no fixed version for
com.soasta.jenkins:cloudtest is a Jenkins plugin that provides the ability to easily run the MakeAppTouchTestable utility on an iOS or Android project.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). A missing permission check in a form validation method allows users with Overall/Read permission to initiate a connection test to an attacker-specified URL with attacker-specified credentials and SSH key store options. The form validation method does not require POST requests, resulting in a CSRF vulnerability.