CVE-2024-3825: BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery

April 17, 2024

Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration.

References

github.com/Blazemeter/blazemeter-jenkins-plugin
github.com/Blazemeter/blazemeter-jenkins-plugin/commit/11ec94f68136a0612ae1b37b5370053132cb2528
github.com/advisories/GHSA-r52h-fjm7-93j8
nvd.nist.gov/vuln/detail/CVE-2024-3825
portal.perforce.com/s/detail/a91PA000001STsvYAG

Code Behaviors & Features

Detect and mitigate CVE-2024-3825 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →