CVE-2019-1003020

2019-02-0616:29:00

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.

CPENameOperatorVersion
kanboard-plugineqkanboard-1.5.10
kanboard-plugineqkanboard-publisher-1.5.3
kanboard-plugineqkanboard-publisher-1.5
kanboard-plugineqkanboard-1.5.7
kanboard-plugineqkanboard-1.5.9
kanboard-plugineqkanboard-publisher-1.2
kanboard-plugineqkanboard-publisher-1.5.4
kanboard-plugineqkanboard-publisher-1.5.2
kanboard-plugineqkanboard-publisher-1.3
kanboard-plugineqkanboard-publisher-1.4

Name	Operator	Version
kanboard-plugin	eq	kanboard-1.5.10
kanboard-plugin	eq	kanboard-publisher-1.5.3
kanboard-plugin	eq	kanboard-publisher-1.5
kanboard-plugin	eq	kanboard-1.5.7
kanboard-plugin	eq	kanboard-1.5.9
kanboard-plugin	eq	kanboard-publisher-1.2
kanboard-plugin	eq	kanboard-publisher-1.5.4
kanboard-plugin	eq	kanboard-publisher-1.5.2
kanboard-plugin	eq	kanboard-publisher-1.3
kanboard-plugin	eq	kanboard-publisher-1.4