logo

Database

Server-side request forgery (SSRF) In org.jenkins-ci.plugins:git

Description

Server-Side Request Forgery in Jenkins Git Plugin A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-10001822. NVD-2018-10001823. OSV-2018-10001824. GCVE-2018-1000182

References

1. https://github.com/jenkinsci/git-plugin/commit/87a03f3d9c4a0c0a918d91e173b200a6a3b237a72. https://jenkins.io/security/advisory/2018-06-04/#SECURITY-810

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.