{"id":"CVE-2023-24423","details":"A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.","aliases":["GHSA-95jq-24cr-pgrq"],"modified":"2026-04-12T07:25:37.600584Z","published":"2023-01-26T21:18:16.707Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2137"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/gerrit-trigger-plugin","events":[{"introduced":"0"},{"fixed":"940a2c6ca0fad2a6d3221d7c5bb2e089ee0ef53a"}],"database_specific":{"cpe":"cpe:2.3:a:jenkins:gerrit_trigger:*:*:*:*:*:jenkins:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"2.38.1"}]}}],"versions":["gerrit-trigger-2.0","gerrit-trigger-2.1.0","gerrit-trigger-2.10.0","gerrit-trigger-2.10.1","gerrit-trigger-2.11.0-beta-1","gerrit-trigger-2.12.0-beta-1","gerrit-trigger-2.12.0-beta-2","gerrit-trigger-2.12.0-beta-3","gerrit-trigger-2.13.0-beta-1","gerrit-trigger-2.13.0-beta-2","gerrit-trigger-2.13.0-beta-3","gerrit-trigger-2.13.0-beta-4","gerrit-trigger-2.13.0-beta-5","gerrit-trigger-2.13.0-beta-5r2","gerrit-trigger-2.13.0-beta-6","gerrit-trigger-2.14.0","gerrit-trigger-2.14.0-beta-1","gerrit-trigger-2.14.0-beta-2","gerrit-trigger-2.14.0-beta-3","gerrit-trigger-2.15.0","gerrit-trigger-2.15.0-beta-1","gerrit-trigger-2.15.1","gerrit-trigger-2.15.2","gerrit-trigger-2.16.0","gerrit-trigger-2.17.0","gerrit-trigger-2.17.1","gerrit-trigger-2.17.2","gerrit-trigger-2.17.3","gerrit-trigger-2.17.4","gerrit-trigger-2.17.5","gerrit-trigger-2.18.0","gerrit-trigger-2.18.1","gerrit-trigger-2.18.2","gerrit-trigger-2.18.3","gerrit-trigger-2.18.4","gerrit-trigger-2.19.0","gerrit-trigger-2.20.0","gerrit-trigger-2.21.0","gerrit-trigger-2.21.1","gerrit-trigger-2.22.0","gerrit-trigger-2.23.0","gerrit-trigger-2.23.1","gerrit-trigger-2.23.2","gerrit-trigger-2.23.3","gerrit-trigger-2.24.0","gerrit-trigger-2.25.0","gerrit-trigger-2.26.0","gerrit-trigger-2.26.1","gerrit-trigger-2.26.2","gerrit-trigger-2.27.0","gerrit-trigger-2.27.1","gerrit-trigger-2.27.2","gerrit-trigger-2.27.3","gerrit-trigger-2.27.4","gerrit-trigger-2.27.5","gerrit-trigger-2.27.6","gerrit-trigger-2.27.7","gerrit-trigger-2.28.0","gerrit-trigger-2.29.0","gerrit-trigger-2.29.0-r2","gerrit-trigger-2.3.0","gerrit-trigger-2.3.0-t2","gerrit-trigger-2.30.0","gerrit-trigger-2.30.1","gerrit-trigger-2.30.2","gerrit-trigger-2.30.3","gerrit-trigger-2.30.4","gerrit-trigger-2.30.5","gerrit-trigger-2.31.0","gerrit-trigger-2.32.0","gerrit-trigger-2.32.1","gerrit-trigger-2.33.0","gerrit-trigger-2.34.0","gerrit-trigger-2.35.0","gerrit-trigger-2.35.0-beta-1","gerrit-trigger-2.35.1","gerrit-trigger-2.35.2","gerrit-trigger-2.35.4","gerrit-trigger-2.36.0","gerrit-trigger-2.36.1","gerrit-trigger-2.37.0","gerrit-trigger-2.38.0","gerrit-trigger-2.5.0","gerrit-trigger-2.5.1","gerrit-trigger-2.5.2","gerrit-trigger-2.7.0","gerrit-trigger-2.8.0","gerrit-trigger-2.9.0","gerrit-trigger-parent-1_3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24423.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}