Description
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Remediation
References
https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799
Related Vulnerabilities
CVE-2011-2894 Vulnerability in maven package org.springframework.security:spring-security-core
CVE-2020-4070 Vulnerability in maven package org.w3c.css:css-validator
CVE-2017-12611 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2023-34047 Vulnerability in maven package org.springframework.graphql:spring-graphql
CVE-2016-2163 Vulnerability in maven package org.apache.openmeetings:openmeetings-web