Moderate severityNVD Advisory· Published Jan 24, 2023· Updated Apr 2, 2025

CVE-2023-24423

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
com.sonyericsson.hudson.plugins.gerrit:gerrit-triggerMaven	< 2.38.1	2.38.1

Affected products

ghsa-coords
pkg:maven/com.sonyericsson.hudson.plugins.gerrit/gerrit-trigger
Range: < 2.38.1
Jenkins Project/Gerrit Trigger Plugincpe-rescue
Range: unspecified

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-95jq-24cr-pgrqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-24423ghsaADVISORY
github.com/jenkinsci/gerrit-trigger-plugin/commit/691d76fdf54d659f8585ea3cbc3cce60d9edfec8ghsaWEB
www.jenkins.io/security/advisory/2023-01-24/ghsaWEB

News mentions

Jenkins Security Advisory 2023-01-24
Jenkins Security Advisories · Jan 24, 2023

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000