Description
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier, in CifsPublisherPluginDescriptor.java, that allows attackers to have Jenkins connect to an attacker-specified CIFS server with attacker-specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-975