Description
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982
Related Vulnerabilities
CVE-2016-3725 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-29207 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2023-35926 Vulnerability in npm package @backstage/plugin-scaffolder-backend
CVE-2021-31404 Vulnerability in maven package com.vaadin:flow-server