Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability

2022-05-1402:57:12

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.6%

JSON

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host.

CPENameOperatorVersion
de.tracetronic.jenkins.plugins:ecutesteq1.5
de.tracetronic.jenkins.plugins:ecutesteq1.7
de.tracetronic.jenkins.plugins:ecutesteq1.9
de.tracetronic.jenkins.plugins:ecutesteq2.2
de.tracetronic.jenkins.plugins:ecutesteq1.14
de.tracetronic.jenkins.plugins:ecutesteq1.3
de.tracetronic.jenkins.plugins:ecutesteq2.3
de.tracetronic.jenkins.plugins:ecutesteq2.0
de.tracetronic.jenkins.plugins:ecutesteq1.8
de.tracetronic.jenkins.plugins:ecutesteq2.1

Name	Operator	Version
de.tracetronic.jenkins.plugins:ecutest	eq	1.5
de.tracetronic.jenkins.plugins:ecutest	eq	1.7
de.tracetronic.jenkins.plugins:ecutest	eq	1.9
de.tracetronic.jenkins.plugins:ecutest	eq	2.2
de.tracetronic.jenkins.plugins:ecutest	eq	1.14
de.tracetronic.jenkins.plugins:ecutest	eq	1.3
de.tracetronic.jenkins.plugins:ecutest	eq	2.3
de.tracetronic.jenkins.plugins:ecutest	eq	2.0
de.tracetronic.jenkins.plugins:ecutest	eq	1.8
de.tracetronic.jenkins.plugins:ecutest	eq	2.1