CVE-2018-1000195
CVSS v3.1: 4.3 (Medium)
CVSS v2.0: 4.3 (Medium)
EPSS: 0.06 % (26th)
Affected Products: 2
Advisories: 2
A server-side request forgery vulnerability exists in ZipExtractionInstaller.java in Jenkins 2.120 and older and LTS 2.107.2 and older. It allows users with Overall/Read permission to have Jenkins submit an HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not.
Weaknesses
- CWE-352: Cross-Site Request Forgery (CSRF)
CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-06-05 21:29:00 (6 years ago)
Updated Date: 2022-06-13 19:03:11 (2 years ago)