Description
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982
Related Vulnerabilities
CVE-2022-36091 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2012-5886 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2018-1000145 Vulnerability in maven package org.jvnet.hudson.plugins:perforce
CVE-2014-2065 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2012-4431 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core