Description
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier, in CifsPublisherPluginDescriptor.java, that allows attackers to have Jenkins connect to an attacker-specified CIFS server with attacker-specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-975
Related Vulnerabilities
CVE-2014-3662 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-26073 Vulnerability in npm package atlassian-connect-express
CVE-2023-0481 Vulnerability in maven package io.quarkus.resteasy.reactive:resteasy-reactive-common
CVE-2012-4446 Vulnerability in maven package org.apache.qpid:qpid-common