Description

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not.

Remediation

References

CVE-2018-1000195

Related Vulnerabilities

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.21)

Vulnerable package dependencies [low]

WordPress Plugin WP Songbook Cross-Site Scripting (2.0.11)

MySQL Numeric Errors Vulnerability (CVE-2016-2105)

Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30179)

Severity

Medium

Classification

CVE-2018-1000195 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities