SSRF vulnerability due to missing permission check in Fortify on Demand Uploader Plugin

2022-05-1301:15:08

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.1%

JSON

A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

CPENameOperatorVersion
org.jenkins-ci.plugins:fortify-on-demand-uploadereq1.02
org.jenkins-ci.plugins:fortify-on-demand-uploadereq3.0.4
org.jenkins-ci.plugins:fortify-on-demand-uploadereq1.09
org.jenkins-ci.plugins:fortify-on-demand-uploadereq3.0.8
org.jenkins-ci.plugins:fortify-on-demand-uploadereq2.0.4
org.jenkins-ci.plugins:fortify-on-demand-uploadereq3.0.2
org.jenkins-ci.plugins:fortify-on-demand-uploadereq2.0.8
org.jenkins-ci.plugins:fortify-on-demand-uploadereq1.07
org.jenkins-ci.plugins:fortify-on-demand-uploadereq1.01
org.jenkins-ci.plugins:fortify-on-demand-uploadereq1.04

Name	Operator	Version
org.jenkins-ci.plugins:fortify-on-demand-uploader	eq	1.02
org.jenkins-ci.plugins:fortify-on-demand-uploader	eq	3.0.4
org.jenkins-ci.plugins:fortify-on-demand-uploader	eq	1.09
org.jenkins-ci.plugins:fortify-on-demand-uploader	eq	3.0.8
org.jenkins-ci.plugins:fortify-on-demand-uploader	eq	2.0.4
org.jenkins-ci.plugins:fortify-on-demand-uploader	eq	3.0.2
org.jenkins-ci.plugins:fortify-on-demand-uploader	eq	2.0.8
org.jenkins-ci.plugins:fortify-on-demand-uploader	eq	1.07
org.jenkins-ci.plugins:fortify-on-demand-uploader	eq	1.01
org.jenkins-ci.plugins:fortify-on-demand-uploader	eq	1.04