Description
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.
Remediation
References
http://www.securityfocus.com/bid/107295
https://jenkins.io/security/advisory/2019-02-19/#SECURITY-985
Related Vulnerabilities
CVE-2019-10461 Vulnerability in maven package org.jenkins-ci.plugins:dynatrace-dashboard
CVE-2022-39381 Vulnerability in npm package hummus
CVE-2019-10329 Vulnerability in maven package org.jenkins-ci.plugins:influxdb
CVE-2021-23412 Vulnerability in npm package gitlogplus
CVE-2021-41184 Vulnerability in maven package org.webjars.npm:jquery-ui