Описание
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| jenkins | removed | package |
EPSS
Процентиль: 5%
0.00021
Низкий
Связанные уязвимости
CVSS3: 4.3
nvd
почти 7 лет назад
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint.
CVSS3: 4.3
github
больше 3 лет назад
SSRF vulnerability due to missing permission check in Jenkins JMS Messaging Plugin
EPSS
Процентиль: 5%
0.00021
Низкий