Описание
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.4 (включая)
cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 12%
0.00041
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 5
redhat
больше 7 лет назад
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
CVSS3: 4.3
github
больше 3 лет назад
Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
EPSS
Процентиль: 12%
0.00041
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-918