Description
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint.
Remediation
References
http://www.securityfocus.com/bid/107295
https://jenkins.io/security/advisory/2019-02-19/#SECURITY-1033
Related Vulnerabilities
CVE-2020-7697 Vulnerability in npm package mock2easy
CVE-2021-21266 Vulnerability in maven package org.openhab.addons.bundles:org.openhab.binding.enigma2
CVE-2017-15701 Vulnerability in maven package org.apache.qpid:qpid-broker
CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-spark-engine