Description
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982
Related Vulnerabilities
CVE-2018-1000086 Vulnerability in npm package pym.js
CVE-2023-0091 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2020-2297 Vulnerability in maven package com.hoiio.jenkins:sms
CVE-2011-3376 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2016-3727 Vulnerability in maven package org.jenkins-ci.main:jenkins-core