VYPR
Moderate severity · NVD Advisory · Published Apr 4, 2019 · Updated Aug 4, 2024

CVE-2019-10289

Description

Cross-site request forgery in Jenkins Netsparker Cloud Scan Plugin allows attackers to initiate connections to attacker-specified servers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A cross-site request forgery vulnerability exists in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method [1][3].

Exploitation

An attacker can craft a malicious request that, when executed by a Jenkins user with appropriate permissions, causes the plugin to initiate a connection to an attacker-specified server [3].

Impact

Successful exploitation allows an attacker to cause the Jenkins server to connect to an attacker-controlled server, potentially leading to further attacks such as server-side request forgery or information disclosure [1][3].

Mitigation

Upgrade to a version newer than 1.1.5, as recommended in the Jenkins security advisory [1]. No known workarounds are available.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.jenkins-ci.plugins:netsparker-cloud-scan (Maven)
Affected versions: < 1.1.6
Patched versions: 1.1.6
