CVE-2018-1999039

2022-10-0316:22:22

mitre

www.cve.org

jenkins

confluence

publisher plugin

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.

References

jenkins.io/security/advisory/2018-07-30/#SECURITY-982