6.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.2%
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
github.com/jenkinsci/github-plugin
github.com/jenkinsci/github-plugin/commit/9a20b7d74ec1bfa8afe260571485dec286b454a2
jenkins.io/security/advisory/2018-06-04/#SECURITY-799
nvd.nist.gov/vuln/detail/CVE-2018-1000184