Cross-site Request Forgery (CSRF) Affecting org.jenkins-ci.plugins:windocks-start-container package, versions [0,]
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Cross-site Request Forgery (CSRF) vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-JAVA-ORGJENKINSCIPLUGINS-13775576
- published30 Oct 2025
- disclosed29 Oct 2025
- creditLotfi Yahi
Introduced: 29 Oct 2025
NewCVE-2025-64138 (opens in a new tab)How to fix?
There is no fixed version for org.jenkins-ci.plugins:windocks-start-container.
Overview
org.jenkins-ci.plugins:windocks-start-container is an Allows users to create running containers based on Images available on the WinDocks host.
WinDocks is a port of Docker’s open source to Windows, and supports all editions of Windows 8, Windows 10, Windows Server 2012, and Windows Server 2016. WinDocks supports standard Docker commands, and this plugin provides Http calls to create running containers based on Images available on the host.
For further information or to provide feedback, email support@windocks.com
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the HTTP endpoint. An attacker with Overall/Read permission can connect to an attacker-specified URL. This endpoint also does not require POST requests, allowing exploitation by submitting crafted requests.