5 matches found
Cross-Site Request Forgery in Jenkins
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful 200 or not...
CVE-2018-1000195
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful 200 or not...
Server side request forgery (ssrf)
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful 200 or not...
CVE-2018-1000195
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful 200 or not...
CVE-2018-1000195
The CVE-2018-1000195 issue affects Jenkins versions 2.120 and older (including LTS 2.107.2 and older). The vulnerability is a server-side request forgery in ZipExtractionInstaller.java that lets users with Overall/Read permission cause Jenkins to submit an HTTP GET request to an arbitrary URL and...