CVE-2019-1003080
Description
A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Jenkins OpenShift Deployer Plugin CSRF flaw in form validation enables attacker-initiated connections to arbitrary servers.
Vulnerability
The Jenkins OpenShift Deployer Plugin is susceptible to a cross-site request forgery (CSRF) vulnerability in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method [1]. This allows attackers to initiate a connection to an attacker-specified server [1][3]. No specific version range is disclosed in the available references, but the advisory indicates the plugin is affected [1].
Exploitation
To exploit this vulnerability, an attacker must trick a Jenkins user (who has proper permissions) into performing actions, such as clicking a crafted link [1]. No authentication is required for the attacker, but the victim must have access to Jenkins. The attacker can then forge requests to the vulnerable endpoint [1].
Impact
Successful exploitation allows an attacker to initiate a connection from the Jenkins server to an attacker-controlled server [1][3]. This could be used for network reconnaissance, data exfiltration, or as part of a larger attack chain. The exact impact depends on the attacker's objectives and the network environment.
Mitigation
Jenkins has not yet released a fix for this vulnerability; users are advised to watch the Jenkins security advisory page [1]. No workarounds are mentioned in the available references. The plugin may be considered affected and should be updated when a patch becomes available [1].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:openshift-deployerMaven | <= 1.2.0 | — |
Affected products
3- Range: all versions as of 2019-04-03
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-jp4r-pf5r-4wg8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-1003080ghsaADVISORY
- www.openwall.com/lists/oss-security/2019/04/12/2ghsamailing-listx_refsource_MLISTWEB
- www.securityfocus.com/bid/107790ghsavdb-entryx_refsource_BIDWEB
- jenkins.io/security/advisory/2019-04-03/ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.