2 matches found
org.jenkins-ci.plugins:xtrigger (>=0.23 <=0.54) potentially affected by CVE-2018-1000606 via org.jenkins-ci.plugins:urltrigger (>=0.10 <=0.31)
org.jenkins-ci.plugins:urltrigger MAVEN version =0.10, =0.23, =0.54 Source cves: CVE-2018-1000606 Source advisory: OSV:GHSA-RV87-VCV4-FJVR...
CVE-2018-1000606
The CVE CVE-2018-1000606 describes a server-side request forgery in the Jenkins URLTrigger Plugin (0.41 and earlier). The vulnerability arises in URLTrigger.java, allowing users with Overall/Read access to induce Jenkins to issue an unauthenticated GET to an attacker-controlled URL. Impact is mis...