Moderate severity · NVD Advisory · Published Apr 2, 2025 · Updated Apr 2, 2025
CVE-2025-31723
Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order.
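A defender-side check for this class of issue, added here as an example and not part of the advisory or of the Simple Queue plugin's own code. Before 1.4.7 the `/simpleMove/move` endpoint (the path named in the plugin's CLI docs) accepted plain GET requests, which is what makes a forged cross-site request possible; the script below parses Jenkins access-log lines and flags GET requests to that endpoint, rating them higher when the `Referer` points at a host other than the Jenkins server. It assumes access logging is enabled in NCSA combined format, the log lines are constructed for the example, and `jenkins.example` is an assumed hostname.

```python
"""Flag state-changing GET requests to the Simple Queue move endpoint in
Jenkins access logs (added example; not part of the advisory or the plugin).

Assumptions not stated on the advisory page:
  * Jenkins access logging writes NCSA combined-format lines.
  * The sample log lines below are constructed for this example.
  * "jenkins.example" stands in for the real Jenkins hostname.
"""
import re
from urllib.parse import parse_qs, urlsplit

# NCSA combined: host ident user [time] "METHOD TARGET PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Endpoint from the plugin's CLI docs; the 1.4.7 fix makes it POST-only.
STATE_CHANGING_PATHS = ("/simpleMove/move",)


def parse_line(line):
    """Return a dict of fields for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])          # split "/path?query" from the request line
    rec["path"] = parts.path
    rec["query"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return rec


def is_off_origin(referer, jenkins_host):
    """True when a Referer is present and names a host other than Jenkins itself."""
    if not referer or referer == "-":
        return False
    return urlsplit(referer).hostname != jenkins_host


def find_suspicious(lines, jenkins_host):
    """Return findings for GET hits on state-changing endpoints.

    A GET to /simpleMove/move is what a forged cross-site request looks like
    in the log; an off-origin Referer raises the finding to "high".
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if not any(rec["path"].endswith(p) for p in STATE_CHANGING_PATHS):
            continue
        if rec["method"] != "GET":
            continue                          # POST is what the patched plugin requires
        severity = "high" if is_off_origin(rec["referer"], jenkins_host) else "medium"
        findings.append({
            "severity": severity,
            "time": rec["time"],
            "user": rec["user"],
            "moveType": rec["query"].get("moveType"),
            "itemId": rec["query"].get("itemId"),
            "referer": rec["referer"],
        })
    return findings


# Constructed sample lines (not real traffic): one legitimate POST, one GET with an
# off-origin Referer, one scripted GET with no Referer, and one unrelated page view.
SAMPLE_LOG = [
    '10.0.0.5 - alice [02/Apr/2025:10:00:01 +0000] "POST /simpleMove/move?moveType=UP&itemId=my-job-name HTTP/1.1" 302 0 "https://jenkins.example/view/my_view/" "Mozilla/5.0"',
    '10.0.0.5 - alice [02/Apr/2025:10:00:02 +0000] "GET /simpleMove/move?moveType=TOP&itemId=my-job-name&viewName=my_view HTTP/1.1" 302 0 "https://evil.example/lure.html" "Mozilla/5.0"',
    '10.0.0.9 - bob [02/Apr/2025:10:00:03 +0000] "GET /simpleMove/move?moveType=DOWN_FAST&itemId=other-job HTTP/1.1" 302 0 "-" "curl/8.4.0"',
    '10.0.0.9 - bob [02/Apr/2025:10:00:04 +0000] "GET /view/my_view/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG, "jenkins.example"):
        print(f"[{f['severity']}] {f['time']} user={f['user']} "
              f"moveType={f['moveType']} itemId={f['itemId']} referer={f['referer']}")
```

Run against the constructed sample the script reports two findings: the GET carrying an `evil.example` Referer as high and the bare `curl` GET as medium; the POST and the page view are ignored. Once the plugin is at 1.4.7 or later, any GET to this path should fail rather than act, so the same query doubles as a check that the upgrade actually landed.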
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.jenkins.plugins:simple-queue (Maven) | < 1.4.7 | 1.4.7 |
Patches
c1094666dcd1 [SECURITY-3469][SECURITY-3470]
5 files changed · +35 −30
docs_src/docs/CLI.md+6 −6 modified@@ -32,34 +32,34 @@ The `viewName` is optional and is obvious. The `moveType` too (its [full enumera `viewName` have no efect, it is only for in-view movement (see later). If you use some special custom default view, you may need to add it. If so, enhance below **four** DOWN/UP examples by `viewName=my_weird_default_view`. ##### DOWN/DOWN_FAST ``` -curl "http://jenkins_url/simpleMove/move?moveType=DOWN_FAST&itemId=my-job-name" +curl -XPOST --user username:apitoken "http://jenkins_url/simpleMove/move?moveType=DOWN_FAST&itemId=my-job-name" ``` for item to move to bottom - to run before all others now ``` -curl "http://jenkins_url/simpleMove/move?moveType=DOWN&itemId=my-job-name" +curl -XPOST --user username:apitoken "http://jenkins_url/simpleMove/move?moveType=DOWN&itemId=my-job-name" ``` for item one step forward - to run before the job, it was supposed to run before this one originally To slow down job **my-job-name** (in view my_view) you end up on: ##### UP/UP_FAST ``` -curl "http://jenkins_url/simpleMove/move?moveType=UP_FAST&itemId=my-job-name" +curl -XPOST --user username:apitoken "http://jenkins_url/simpleMove/move?moveType=UP_FAST&itemId=my-job-name" ``` for item to move to top - to run last of all others now ``` -curl "http://jenkins_url/simpleMove/move?moveType=UP&itemId=my-job-name" +curl -XPOST --user username:apitoken "http://jenkins_url/simpleMove/move?moveType=UP&itemId=my-job-name" ``` for item one step up - to run later than the job, which was supposed to run right after this one originally #### in-view movement in which `viewName=my_view` is **mandatory** right after `viewName`. the UP/UP_FAST/DOWN/DOWN_FAST still behave in global space, and as expected. 
To jump to the top/bottom of view, there are two additional commands ##### BOTTOM ``` -curl "http://jenkins_url/simpleMove/move?moveType=BOTTOM&itemId=my-job-name&viewName=my_view" +curl -XPOST --user username:apitoken "http://jenkins_url/simpleMove/move?moveType=BOTTOM&itemId=my-job-name&viewName=my_view" ``` for move to bottom of view - the item run before all others in this view ##### TOP ``` -curl "http://jenkins_url/simpleMove/move?moveType=TOP&itemId=my-job-name&viewName=my_view" +curl -XPOST --user username:apitoken "http://jenkins_url/simpleMove/move?moveType=TOP&itemId=my-job-name&viewName=my_view" ``` for move to top of view - the item run last of all others in this view #### Complex names
src/main/java/cz/mendelu/xotradov/MoveAction.java+2 −0 modified@@ -16,6 +16,7 @@ import java.util.List; import java.util.logging.Logger; import java.util.stream.Collectors; +import org.kohsuke.stapler.interceptor.RequirePOST; /** * Handles request to move one buildable item in a build queue, which is the core functionality of this plugin. @@ -56,6 +57,7 @@ public String getUrlName() { * @param request Stapler request from user * @param response Stapler response send back to users browser */ + @RequirePOST public void doMove(final StaplerRequest request, final StaplerResponse response) { Jenkins j; if ((j = Jenkins.getInstanceOrNull()) != null) {
src/main/java/cz/mendelu/xotradov/ResetAction.java+3 −0 modified@@ -10,11 +10,14 @@ import javax.annotation.CheckForNull; import java.io.IOException; import java.util.logging.Logger; +import org.kohsuke.stapler.interceptor.RequirePOST; @SuppressWarnings("unused") @Extension public class ResetAction implements RootAction { private static Logger logger = Logger.getLogger(ResetAction.class.getName()); + + @RequirePOST public void doReset(final StaplerRequest request, final StaplerResponse response) { if (!Jenkins.get().hasPermission(PermissionHandler.SIMPLE_QUEUE_RESET_PERMISSION)) return; QueueSorter queueSorter = Jenkins.get().getQueue().getSorter();
src/main/resources/cz/mendelu/xotradov/SimpleQueueUpdateAction/ajaxBuildQueue.jelly+12 −12 modified@@ -66,37 +66,37 @@ <j:when test="${buildable and h.hasPermission(app.MANAGE)}"> <j:if test="${filtered}"> <td class="pane" align="center" valign="middle"> - <a href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=TOP&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> + <f:link post="true" href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=TOP&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> <l:icon src="${rootURL}/plugin/simple-queue/images/arrow_top_10.png"/> - </a> + </f:link> </td> </j:if> <td class="pane" align="center" valign="middle"> - <a href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=UP_FAST&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> + <f:link post="true" href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=UP_FAST&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> <l:icon src="${rootURL}/plugin/simple-queue/images/arrow_up_fast_10.png"/> - </a> + </f:link> </td> <td class="pane" align="center" valign="middle"> - <a href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=UP&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> + <f:link post="true" href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=UP&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> <l:icon src="${rootURL}/plugin/simple-queue/images/arrow_up_10.png"/> - </a> + </f:link> </td> <td class="pane" align="center" valign="middle"> - <a href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=DOWN&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> + <f:link post="true" href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=DOWN&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> <l:icon src="${rootURL}/plugin/simple-queue/images/arrow_down_10.png"/> - </a> + 
</f:link> </td> <td class="pane" align="center" valign="middle"> - <a href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=DOWN_FAST&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> + <f:link post="true" href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=DOWN_FAST&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> <l:icon src="${rootURL}/plugin/simple-queue/images/arrow_down_fast_10.png"/> - </a> + </f:link> </td> <j:if test="${filtered}"> <td class="pane" align="center" valign="middle"> - <a href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=BOTTOM&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> + <f:link post="true" href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=BOTTOM&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> <l:icon src="${rootURL}/plugin/simple-queue/images/arrow_bottom_10.png"/> - </a> + </f:link> </td> </j:if> </j:when>
src/main/resources/cz/mendelu/xotradov/SimpleQueueWidget/index.jelly+12 −12 modified@@ -76,36 +76,36 @@ <j:when test="${buildable and h.hasPermission(app.MANAGE)}"> <j:if test="${filtered}"> <td class="pane" align="center" valign="middle"> - <a href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=TOP&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> + <f:link post="true" href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=TOP&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> <l:icon src="${rootURL}/plugin/simple-queue/images/arrow_top_10.png"/> - </a> + </f:link> </td> </j:if> <td class="pane" align="center" valign="middle"> - <a href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=UP_FAST&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> + <f:link post="true" href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=UP_FAST&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> <l:icon src="${rootURL}/plugin/simple-queue/images/arrow_up_fast_10.png"/> - </a> + </f:link> </td> <td class="pane" align="center" valign="middle"> - <a href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=UP&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> + <f:link post="true" href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=UP&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> <l:icon src="${rootURL}/plugin/simple-queue/images/arrow_up_10.png"/> - </a> + </f:link> </td> <td class="pane" align="center" valign="middle"> - <a href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=DOWN&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> + <f:link post="true" href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=DOWN&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> <l:icon src="${rootURL}/plugin/simple-queue/images/arrow_down_10.png"/> - </a> + </f:link> </td> <td 
class="pane" align="center" valign="middle"> - <a href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=DOWN_FAST&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> + <f:link post="true" href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=DOWN_FAST&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> <l:icon src="${rootURL}/plugin/simple-queue/images/arrow_down_fast_10.png"/> - </a> + </f:link> </td> <j:if test="${filtered}"> <td class="pane" width="16" align="center" valign="middle"> - <a href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=BOTTOM&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> + <f:link post="true" href="${rootURL}/simpleMove/move?${it.getMoveTypeName()}=BOTTOM&${it.getItemIdName()}=${item.id}&${it.getViewNameParamName()}=${viewName}"> <l:icon src="${rootURL}/plugin/simple-queue/images/arrow_bottom_10.png"/> - </a> + </f:link> </td> </j:if> </j:when>
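Review bot: in the docs_src/docs/CLI.md hunk, the six curl examples now use `-XPOST --user username:apitoken` but the surrounding text never says why the GET form stopped working; add one sentence above the `##### DOWN/DOWN_FAST` block stating that `/simpleMove/move` now accepts POST only (it is annotated `@RequirePOST` in MoveAction.java in this same commit), so the previously documented `curl "http://jenkins_url/simpleMove/move?..."` call is rejected and the `--user username:apitoken` form is required for scripted use. The unchanged context line also spells `efect` for `effect`; worth fixing in the same docs edit.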
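Review bot: in the MoveAction.java hunk, `@RequirePOST` on `doMove` closes the cross-site GET vector, but the visible body only checks `Jenkins.getInstanceOrNull()`; nothing in the shown lines is comparable to the `hasPermission(PermissionHandler.SIMPLE_QUEUE_RESET_PERMISSION)` guard in ResetAction.doReset. Confirm that a permission check exists further down, outside the shown context, and if it does not, add a `checkPermission` call before the queue is modified; the Jelly guard `h.hasPermission(app.MANAGE)` in the two view hunks only decides whether the arrow links are rendered and does not protect the endpoint. The Javadoc above the method (`@param response Stapler response send back to users browser`) should also say the method is POST-only.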
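Review bot: in the ResetAction.java hunk, the added `@RequirePOST` is correct, but the existing guard `if (!Jenkins.get().hasPermission(PermissionHandler.SIMPLE_QUEUE_RESET_PERMISSION)) return;` answers a denied request with a silent success status. Prefer `Jenkins.get().checkPermission(PermissionHandler.SIMPLE_QUEUE_RESET_PERMISSION);`, which raises `AccessDeniedException` so the caller receives a 403 and the denial is visible in logs rather than indistinguishable from a successful reset.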
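Review bot: in the ajaxBuildQueue.jelly hunk, replacing each `<a href="${rootURL}/simpleMove/move?...">` with `<f:link post="true" href="...">` is the right UI-side change, since `f:link` with `post="true"` submits the URL as a POST instead of a navigable GET. Two things to verify: the `f` namespace prefix must be declared at the top of this file (the shown context uses only `j:` and `l:` tags, and the declaration is outside the hunk), otherwise the tag renders as an unknown element; and the `<j:when test="${buildable and h.hasPermission(app.MANAGE)}">` guard only hides the arrows, so authorization still has to be enforced server-side in `doMove`.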
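Review bot: the SimpleQueueWidget/index.jelly hunk is a line-for-line copy of the ajaxBuildQueue.jelly change (the same six `f:link post="true"` arrows under the same `h.hasPermission(app.MANAGE)` guard); the only divergence is `<td class="pane" width="16" align="center" valign="middle">` on the BOTTOM cell here versus no `width` in the other file. Consider extracting the arrow block into a shared Jelly fragment so a future change to these URLs is made once, and align the cell attributes while doing so.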
References
- github.com/advisories/GHSA-hcfh-qjcp-34q9 (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-31723 (NVD advisory)
- www.jenkins.io/security/advisory/2025-04-02/ (vendor advisory)
- github.com/jenkinsci/simple-queue-plugin/commit/c1094666dcd139830620d6d1c21b13f847601e74 (fix commit)