CVE-2018-1999039

2018-08-0113:29:01

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.

CPENameOperatorVersion
confluence-publisher-plugineqconfluence-publisher-2.0
confluence-publisher-plugineqconfluence-publisher-1.5
confluence-publisher-plugineqconfluence-publisher-1.0.3
confluence-publisher-plugineqconfluence-publisher-2.0.1
confluence-publisher-plugineqconfluence-publisher-1.3
confluence-publisher-plugineqconfluence-publisher-1.4
confluence-publisher-plugineqconfluence-publisher-1.0.2
confluence-publisher-plugineqconfluence-publisher-1.0.1
confluence-publisher-plugineqconfluence-publisher-1.2
confluence-publisher-plugineqconfluence-publisher-1.1

Name	Operator	Version
confluence-publisher-plugin	eq	confluence-publisher-2.0
confluence-publisher-plugin	eq	confluence-publisher-1.5
confluence-publisher-plugin	eq	confluence-publisher-1.0.3
confluence-publisher-plugin	eq	confluence-publisher-2.0.1
confluence-publisher-plugin	eq	confluence-publisher-1.3
confluence-publisher-plugin	eq	confluence-publisher-1.4
confluence-publisher-plugin	eq	confluence-publisher-1.0.2
confluence-publisher-plugin	eq	confluence-publisher-1.0.1
confluence-publisher-plugin	eq	confluence-publisher-1.2
confluence-publisher-plugin	eq	confluence-publisher-1.1