Description
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Remediation
References
https://jenkins.io/security/advisory/2018-06-04/#SECURITY-809