Description
A confused deputy vulnerability exists in CifsPublisherPluginDescriptor.java in Jenkins Publisher Over CIFS Plugin 0.10 and earlier that allows attackers to have Jenkins connect to an attacker-specified CIFS server with attacker-specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-975
Related Vulnerabilities
CVE-2017-15702 Vulnerability in maven package org.apache.qpid:qpid-broker
CVE-2023-39522 Vulnerability in npm package @goauthentik/api
CVE-2012-5633 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security
CVE-2020-2218 Vulnerability in maven package org.jenkins-ci.plugins:hp-quality-center
CVE-2023-43666 Vulnerability in maven package org.apache.inlong:manager-web