Description
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Remediation
References
https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799
Related Vulnerabilities
CVE-2022-43409 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-support
CVE-2020-26217 Vulnerability in maven package org.jvnet.hudson:xstream
CVE-2023-30515 Vulnerability in maven package io.jenkins.plugins:thycotic-devops-secrets-vault
CVE-2015-5170 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login
CVE-2019-10397 Vulnerability in maven package org.jenkins-ci.plugins:aqua-serverless