Описание
Jenkins Mattermost Notification Plugin vulnerable to SSRF
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.
Пакеты
Наименование
org.jenkins-ci.plugins:mattermost
maven
Затронутые версииВерсия исправления
<= 2.6.2
2.6.3
Связанные уязвимости
CVSS3: 4.3
nvd
больше 6 лет назад
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.
CVSS3: 4.3
debian
больше 6 лет назад
A server-side request forgery vulnerability exists in Jenkins Mattermo ...