Jenkins Simple Queue Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability exists in Jenkins Simple Queue Plugin versions 1.4.6 and earlier. It allows an attacker to manipulate and reset the order of builds in the queue. The issue arises because the plugin's HTTP endpoints do not require POST requests, leaving them open to CSRF attacks.

Impact

Exploitation of this vulnerability allows for unauthorized changes to the build queue order, potentially disrupting the intended workflow and build processes.

Remediation

Users of Jenkins Simple Queue Plugin should update to version 1.4.7, which addresses the CSRF vulnerability by requiring POST requests for the affected HTTP endpoints.
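The fix described above is the standard Jenkins pattern for this class of bug: a Stapler web method (a `do*` method) answers any HTTP method unless annotated with `@RequirePOST`, and Jenkins' crumb (CSRF token) check only applies to POST requests, so a state-changing endpoint reachable by GET is outside that protection. The following is an added illustration, not the Simple Queue Plugin's own source; the class name `QueueOrderAction`, the method names `doResetInsecure`/`doReset`, the stored order list and the choice of `Jenkins.ADMINISTER` as the permission are all hypothetical. It shows the vulnerable shape beside the hardened one.

```java
// Added illustration of the before/after pattern; not code from the Simple Queue Plugin.
// QueueOrderAction, doResetInsecure, doReset and the ADMINISTER permission are assumptions.
import hudson.model.Action;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;

public class QueueOrderAction implements Action {

    // Hypothetical custom ordering of queue item ids maintained by the plugin.
    private final List<Long> customOrder = new CopyOnWriteArrayList<>();

    // BEFORE (vulnerable pattern, as in the advisory): no @RequirePOST, so Stapler
    // dispatches this web method for GET as well. A GET carries no crumb and is
    // never checked by Jenkins' CSRF filter, so a request issued by the victim's
    // browser from another origin changes state with the victim's session.
    public HttpResponse doResetInsecure(StaplerRequest req) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);  // authz alone does not stop CSRF
        resetQueueOrder();
        return HttpResponses.redirectToContextRoot();
    }

    // AFTER (the 1.4.7-style fix): @RequirePOST makes Stapler reject any non-POST
    // request before the method body runs, which also places the endpoint under
    // the crumb check that Jenkins enforces on POST requests.
    @RequirePOST
    public HttpResponse doReset(StaplerRequest req) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        resetQueueOrder();
        return HttpResponses.redirectToContextRoot();
    }

    // Drops the custom order so the queue falls back to Jenkins' default ordering.
    private void resetQueueOrder() {
        customOrder.clear();
    }

    // Records a queue item at a given position in the custom order (also POST-only).
    @RequirePOST
    public HttpResponse doMove(StaplerRequest req) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        long itemId = Long.parseLong(req.getParameter("id"));
        int position = Integer.parseInt(req.getParameter("position"));
        customOrder.remove(itemId);
        int bounded = Math.max(0, Math.min(position, customOrder.size()));
        customOrder.add(bounded, itemId);
        return HttpResponses.redirectToContextRoot();
    }

    public List<Long> getCustomOrder() {
        return List.copyOf(customOrder);
    }

    @Override public String getIconFileName() { return null; }   // no sidebar link
    @Override public String getDisplayName() { return "Queue order"; }
    @Override public String getUrlName() { return "queue-order"; }
}
```

A quick way to audit a plugin for the same defect is to list every `do*` web method that changes state and confirm each carries `@RequirePOST` (or `@POST`); a state-changing method without one is reachable by a plain link or image tag, regardless of how carefully it checks permissions.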

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          0.6
  exploitability  6.4
  remediation     7.7
  relevance       0.0
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.