Description
A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.
Remediation
References
https://jenkins.io/security/advisory/2019-01-28/#SECURITY-818