How severe is CVE-2017-1000093?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2017-1000093?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2017-1000093 - HIGH Severity | CVSS 8.8

Vulnerability Description

Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission.

Related Vulnerabilities

CVE-2004-1703

HIGH

CVSS:8.8(High)

Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is e...

CWE-3522004

CVE-2004-1842

HIGH

CVSS:8.8(High)

Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.

CWE-3522004

CVE-2004-1967

HIGH

CVSS:8.8(High)

Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0....

CWE-3522004

CVE-2008-3938

HIGH

CVSS:8.8(High)

Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.

CWE-3522008

CVE-2009-3520

HIGH

CVSS:8.8(High)

Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrat...

CWE-3522009

CVE-2009-3759

HIGH

CVSS:8.8(High)

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for...

CWE-3522009