Description

A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-819

Related Vulnerabilities

CVE-2019-10431 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2019-1003086 Vulnerability in maven package org.jenkins-ci.plugins:sinatra-chef-builder

CVE-2020-13883 Vulnerability in maven package org.wso2.carbon.governance:org.wso2.carbon.governance.lcm

CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-dbcp-service-api

CVE-2023-46233 Vulnerability in maven package org.webjars.npm:github-com-brix-crypto-js

Severity

High

Classification

CWE-918 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory