Jenkins GitHub Integration Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability exists in Jenkins GitHub Integration Plugin versions through 0.7.3. This vulnerability allows attackers to trigger builds for pull requests by exploiting the lack of proper request validation.

Impact

Exploitation of this vulnerability allows unauthorized triggering of builds for pull requests in Jenkins, potentially leading to unintended code execution or integration issues.

Remediation

Users of Jenkins GitHub Integration Plugin should update to version 0.7.4, which addresses this vulnerability by requiring POST requests for the affected HTTP endpoint.
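The fix described above, requiring POST for the affected endpoint, is the standard Jenkins pattern for closing a CSRF hole in a plugin web method. The following is an added illustration written for this page, not code from the GitHub Integration Plugin; the class name, the method names and the query parameters are hypothetical. It places the weak shape of such an endpoint next to the hardened one. Stapler's `@RequirePOST` rejects non-POST requests, and because Jenkins validates its CSRF crumb on POST requests, a cross-site page can no longer fire the endpoint with only the victim's session cookie. A permission check on the target job is shown as well, since requiring POST alone does not authorize the caller.

```java
// Added illustration for this advisory; NOT the plugin's own code.
// PullRequestTriggerAction, doTriggerBuildUnsafe, doTriggerBuild and the
// "job"/"pr" query parameters are hypothetical names chosen for the example.
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.Cause;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

public class PullRequestTriggerAction {

    // BEFORE (vulnerable shape): a Stapler web method with no HTTP-method
    // restriction is reachable by a plain GET, so a link or <img> on an
    // attacker-controlled page submits it with the victim's Jenkins session.
    public HttpResponse doTriggerBuildUnsafe(@QueryParameter String job,
                                             @QueryParameter int pr) {
        Job<?, ?> target = Jenkins.get().getItemByFullName(job, Job.class);
        if (target == null) {
            return HttpResponses.notFound();
        }
        scheduleForPullRequest(target, pr);
        return HttpResponses.ok();
    }

    // AFTER (hardened shape): @RequirePOST rejects anything but POST. Jenkins'
    // crumb filter checks the CSRF crumb on POST requests, so a cross-site
    // request without a valid crumb is refused before this method runs.
    // The permission check ties the side effect to an authorized principal.
    @RequirePOST
    public HttpResponse doTriggerBuild(@QueryParameter String job,
                                       @QueryParameter int pr) {
        Job<?, ?> target = Jenkins.get().getItemByFullName(job, Job.class);
        if (target == null) {
            return HttpResponses.notFound();
        }
        // Throws AccessDeniedException (rendered as 403) if the caller
        // lacks Job/Build on this item.
        target.checkPermission(Item.BUILD);
        scheduleForPullRequest(target, pr);
        return HttpResponses.ok();
    }

    // Hypothetical helper: in a real plugin this would queue the job with a
    // cause describing the pull request. Kept minimal for the example.
    private void scheduleForPullRequest(Job<?, ?> target, int pr) {
        Cause cause = new Cause.UserIdCause();
        // Scheduling details (parameters, cause) are plugin-specific and
        // intentionally omitted here.
        target.getLogger().info("would schedule build of " + target.getFullName()
                + " for pull request #" + pr + " (cause: " + cause.getShortDescription() + ")");
    }
}
```

A quick check for a deployed instance is to issue a GET against the endpoint while logged in: a hardened build refuses it, whereas the pre-0.7.4 behaviour described in this advisory is exactly that such a GET was honoured.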

Added: May 27, 2026, 4:06 PM
Updated: May 27, 2026, 4:06 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 6.2
remediation: 7.7
relevance: 9.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.