Description

A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-975

Related Vulnerabilities

CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-pmml-examples

CVE-2012-5633 Vulnerability in maven package org.apache.cxf:cxf-api

CVE-2018-1000192 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-41248 Vulnerability in maven package org.jenkins-ci.plugins:bigpanda-jenkins

CVE-2020-7653 Vulnerability in npm package snyk-broker

Severity

Medium

Classification

CWE-441 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Vendor Advisory