Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator.

Severity (CVSS)

Base score4.3
SeverityMedium
VersionCVSS 3.1
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Provided byCISA-ADP

Weaknesses

  • CWE-352 — CWE-352 Cross-Site Request Forgery (CSRF)

Affected products

VendorProductVersions
Jenkins ProjectJenkins Pipeline: Groovy Plugin0 to <=4331.v9d06ed4658ff

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 25 Jun 2026 10:14 UTC.