{
  "threat_severity" : "Important",
  "public_date" : "2023-08-16T00:00:00Z",
  "bugzilla" : {
    "description" : "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts",
    "id" : "2232424",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2232424"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-352",
  "details" : [ "A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.", "A cross-site request forgery (CSRF) flaw was found in the Jenkins Folders Plugin. Affected versions of this plugin allow attackers to copy folders, which may approve unsandboxed scripts." ],
  "affected_release" : [ {
    "product_name" : "OCP-Tools-4.14-RHEL-8",
    "release_date" : "2024-02-12T00:00:00Z",
    "advisory" : "RHSA-2024:0777",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.14::el8",
    "package" : "jenkins-2-plugins-0:4.14.1706516441-1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "fix_state" : "Out of support scope",
    "package_name" : "jenkins-2-plugins",
    "cpe" : "cpe:/a:redhat:openshift:3.11"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "jenkins-2-plugins",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-40336\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-40336\nhttps://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106" ],
  "name" : "CVE-2023-40336",
  "csaw" : false
}