Description
URLTrigger Plugin server-side request forgery vulnerability
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. As of version 0.43, this form validation method no longer connects to a user-provided URL.
References
Packages
Name
org.jenkins-ci.plugins:urltrigger
maven
Affected versions: <= 0.41
Fixed version: 0.43
Related vulnerabilities
CVSS3: 6.5
nvd
more than 7 years ago
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.