Description
Jenkins Kanboard Plugin vulnerable to Server-side request forgery (SSRF)
A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.
Packages
Name: org.jenkins-ci.plugins:kanboard (maven)
Affected versions: <= 1.5.10
Fixed version: 1.5.11
Related vulnerabilities
CVSS3: 4.3
nvd
almost 7 years ago
A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.