#Title: Jenkins 1.626 - Cross Site Request Forgery / Code Execution
#Date: 27.08.15
#Affected versions: => 1.626 (current)
#Vendor: jenkins-ci.org
#Contact: smash [at] devilteam.pl

A cross-site request forgery vulnerability in Jenkins 1.626 allows remote attackers to hijack the authentication of users for most requests. Using CSRF, an attacker can change specific settings or even execute code on the OS, as shown below.

Examples: