Description
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982
Related Vulnerabilities
CVE-2018-1000410 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2014-0086 Vulnerability in maven package org.richfaces.core:richfaces-core-impl
CVE-2020-6428 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-31454 Vulnerability in maven package org.apache.inlong:manager-service
CVE-2018-1999038 Vulnerability in maven package org.jenkins-ci.plugins:publish-over-cifs