Description
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint.
Remediation
References
https://jenkins.io/security/advisory/2019-02-19/#SECURITY-1033
http://www.securityfocus.com/bid/107295
Related Vulnerabilities
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.13
CVE-2021-45458 Vulnerability in maven package org.apache.kylin:kylin-core-common
CVE-2022-31190 Vulnerability in maven package org.dspace:dspace-xmlui
CVE-2021-41182 Vulnerability in maven package org.webjars:jquery-ui
CVE-2022-37734 Vulnerability in maven package com.graphql-java:graphql-java