Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin

2022-05-1402:21:28

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.

CPENameOperatorVersion
org.jenkins-ci.plugins:confluence-publishereq2.0
org.jenkins-ci.plugins:confluence-publishereq-rc125.6ba78c5ed4a2
org.jenkins-ci.plugins:confluence-publishereq1.0.2
org.jenkins-ci.plugins:confluence-publishereq1.0.3
org.jenkins-ci.plugins:confluence-publishereq1.8
org.jenkins-ci.plugins:confluence-publishereq1.0.1
org.jenkins-ci.plugins:confluence-publishereq1.0.0
org.jenkins-ci.plugins:confluence-publishereq1.1
org.jenkins-ci.plugins:confluence-publishereq2.0.1
org.jenkins-ci.plugins:confluence-publishereq1.2

Name	Operator	Version
org.jenkins-ci.plugins:confluence-publisher	eq	2.0
org.jenkins-ci.plugins:confluence-publisher	eq	-rc125.6ba78c5ed4a2
org.jenkins-ci.plugins:confluence-publisher	eq	1.0.2
org.jenkins-ci.plugins:confluence-publisher	eq	1.0.3
org.jenkins-ci.plugins:confluence-publisher	eq	1.8
org.jenkins-ci.plugins:confluence-publisher	eq	1.0.1
org.jenkins-ci.plugins:confluence-publisher	eq	1.0.0
org.jenkins-ci.plugins:confluence-publisher	eq	1.1
org.jenkins-ci.plugins:confluence-publisher	eq	2.0.1
org.jenkins-ci.plugins:confluence-publisher	eq	1.2