Description
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Remediation
References
https://jenkins.io/security/advisory/2018-06-04/#SECURITY-810
Related Vulnerabilities
CVE-2023-26364 Vulnerability in npm package @adobe/css-tools
CVE-2023-27094 Vulnerability in maven package cn.hippo4j:hippo4j-all
CVE-2023-45811 Vulnerability in npm package deobfuscator
CVE-2023-30846 Vulnerability in npm package typed-rest-client
CVE-2020-1748 Vulnerability in maven package org.wildfly.security:wildfly-elytron