CVE-2018-1000606

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000606

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000606.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000606

Aliases

GHSA-rv87-vcv4-fjvr

Published

2018-06-26T17:29:00Z

Modified

2024-09-03T02:01:30.063433Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-819

Affected packages

Git / github.com/jenkinsci/urltrigger-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/urltrigger-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c913d32dbdd03485e089bcb48e1a0c505e930803

Affected versions

urltrigger-0.*

urltrigger-0.1

urltrigger-0.10

urltrigger-0.11

urltrigger-0.12

urltrigger-0.13

urltrigger-0.14

urltrigger-0.15

urltrigger-0.16

urltrigger-0.17

urltrigger-0.18

urltrigger-0.19

urltrigger-0.2

urltrigger-0.20

urltrigger-0.21

urltrigger-0.22

urltrigger-0.23

urltrigger-0.24

urltrigger-0.25

urltrigger-0.26

urltrigger-0.27

urltrigger-0.28

urltrigger-0.29

urltrigger-0.3

urltrigger-0.30

urltrigger-0.31

urltrigger-0.32

urltrigger-0.33

urltrigger-0.34

urltrigger-0.35

urltrigger-0.36

urltrigger-0.37

urltrigger-0.38

urltrigger-0.39

urltrigger-0.4

urltrigger-0.4.1

urltrigger-0.4.2

urltrigger-0.4.3

urltrigger-0.40

urltrigger-0.41

urltrigger-0.5

urltrigger-0.5.1

urltrigger-0.6

urltrigger-0.7

urltrigger-0.8

urltrigger-0.9