Description
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat OpenShift Container Platform 3.10 | jenkins-2-plugins | Will not fix | | |
Red Hat OpenShift Container Platform 3.10 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Not affected | | |
Red Hat OpenShift Container Platform 3.4 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 3.5 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 3.6 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 3.7 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 3.9 | jenkins-plugin-git | Will not fix | | |
Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Not affected | | |
Additional information
Status:
Moderate
Defect:
CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=1585987 jenkins-plugin-git: Server-side request forgery vulnerability (SECURITY-810)
EPSS
Percentile: 11%
0.00039
Low
6.4 Medium
CVSS3
Related vulnerabilities
CVSS3: 6.4
nvd
about 7 years ago
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
CVSS3: 6.4
github
about 3 years ago
Server-Side Request Forgery in Jenkins Git Plugin