The Jenkins GitHub Integration Plugin versions 0.7.3 and earlier contain a CSRF vulnerability that allows attackers to trigger builds for pull requests without proper authorization. This vulnerability arises from insufficient CSRF protections in the plugin's handling of build triggers. No CVSS score or vendor advisory with patch information is currently available. The vulnerability is published but lacks detailed remediation guidance or known exploits.

An attacker can exploit this CSRF vulnerability to trigger builds for pull requests without authorization. This could lead to unintended build executions, potentially wasting resources or triggering further automated processes. There is no information indicating privilege escalation, data disclosure, or code execution beyond the unauthorized build trigger.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting access to the Jenkins instance and the GitHub Integration Plugin to trusted users only and monitor for unusual build triggers. Avoid exposing Jenkins interfaces to untrusted networks. Follow updates from the Jenkins Project for any forthcoming patches.