Description
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982
Related Vulnerabilities
CVE-2023-46658 Vulnerability in maven package io.jenkins.plugins:teams-webhook-trigger
CVE-2022-43427 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test
CVE-2019-10379 Vulnerability in maven package org.jenkins-ci.plugins:gcm-notification
CVE-2022-40635 Vulnerability in maven package org.craftercms:craftercms
CVE-2014-3682 Vulnerability in maven package org.jbpm:jbpm-designer-backend