Description
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982
Related Vulnerabilities
CVE-2014-3416 Vulnerability in maven package org.jasig.portal:uportal-war
CVE-2019-10352 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-40336 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-folder
CVE-2022-42125 Vulnerability in maven package com.liferay.portal:com.liferay.portal.impl
CVE-2023-26480 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livedata-macro