Description
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit an HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not. Because the only thing leaked is the success/failure of the request, this is a blind SSRF: a low-privilege user can use the Jenkins controller as an oracle to find out which internal hosts and ports answer, without ever seeing the response body.
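The oracle described above, modelled as a URL form-validation handler, with a hardened version beside it. This is an added example written for this page, not Jenkins source code: the network and DNS tables are constructed so it runs offline, the handler and function names are hypothetical, and the hardening shown (demand Overall/Administer for the check and refuse loopback/private targets) is the kind of fix this bug class calls for, not necessarily the exact patch Jenkins shipped.

```python
import ipaddress
from urllib.parse import urlparse


class Forbidden(Exception):
    """Raised when the caller lacks the permission the handler demands."""


# Constructed stand-in for the network so the example runs offline:
# URL -> HTTP status a real GET would have returned (0 = connection failed).
FAKE_NETWORK = {
    "http://downloads.example.com/tool.zip": 200,
    "http://10.0.0.5:8080/": 200,   # internal service reachable from the controller
    "http://10.0.0.6:8080/": 404,
    "http://10.0.0.7:8080/": 500,
    "http://127.0.0.1:2375/": 200,  # daemon listening only on loopback
}

# Constructed DNS table (hypothetical names and addresses).
FAKE_DNS = {"downloads.example.com": "93.184.216.34"}


def fake_get(url):
    """Pretend to issue the GET and return only the status code."""
    return FAKE_NETWORK.get(url, 0)


def resolve(host):
    """Resolve a hostname via the constructed table; IP literals pass through."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return FAKE_DNS.get(host)


def check_url_vulnerable(url, user_perms, fetch=fake_get):
    """Pre-fix shape of the bug: any Overall/Read user gets a yes/no answer
    about an arbitrary URL, which is exactly the oracle the advisory describes."""
    if "Overall/Read" not in user_perms:
        raise Forbidden("Overall/Read required")
    return "ok" if fetch(url) == 200 else "error"


def check_url_hardened(url, user_perms, fetch=fake_get):
    """Hardened shape: restrict who may trigger the request and where it may go."""
    if "Overall/Administer" not in user_perms:
        raise Forbidden("Overall/Administer required")
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return "error"
    addr = resolve(parsed.hostname)
    if addr is None:
        return "error"
    ip = ipaddress.ip_address(addr)
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        # Same answer as for a dead host: the reply must not reveal whether
        # an internal target exists.
        return "error"
    return "ok" if fetch(url) == 200 else "error"


def probe_internal_hosts(check, user_perms, net="10.0.0.0/29", port=8080):
    """What an attacker learns through the oracle: which hosts answer 200."""
    live = []
    for ip in ipaddress.ip_network(net).hosts():
        try:
            if check(f"http://{ip}:{port}/", user_perms) == "ok":
                live.append(str(ip))
        except Forbidden:
            break
    return live


if __name__ == "__main__":
    print("read-only user, vulnerable handler:",
          probe_internal_hosts(check_url_vulnerable, {"Overall/Read"}))
    print("read-only user, hardened handler:",
          probe_internal_hosts(check_url_hardened, {"Overall/Read"}))
```

With the vulnerable handler a user holding only Overall/Read sweeps the constructed 10.0.0.0/29 range and discovers 10.0.0.5 as a live internal service; with the hardened handler the same user is refused outright, and even an administrator gets an indistinguishable "error" for private, loopback and link-local targets, so the form check no longer doubles as an internal port scanner. Note that the address check runs on the resolved address, not the hostname string, so a public name that resolves to an internal IP is caught too (a real deployment would also have to pin the resolved address for the actual request to avoid a DNS rebinding race).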
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Enterprise 3 | jenkins | Affected | | |
Additional information
Status: Low
Weakness: CWE-285 (Improper Authorization)
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1576712
jenkins: Users with Overall/Read permission were able to send GET requests to any URL (SECURITY-794)
EPSS: 0.00695 (percentile 71%), Low
CVSS3: 3.5 Low
Related vulnerabilities
- nvd (CVSS3: 4.3, more than 7 years ago): A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit an HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not.
- debian (CVSS3: 4.3, more than 7 years ago): A server-side request forgery vulnerability exists in Jenkins 2.120 an ...