[MAVEN:GHSA-6MV9-HCX5-7MHH] Server-Side Request Forgery in Jenkins
Severity: Moderate
Affected Packages: 2
Fixed Packages: 2
CVEs: 1
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.main/jenkins-core | >= 2.90, <= 2.106 |
pkg:maven/org.jenkins-ci.main/jenkins-core | <= 2.89.3 |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.main/jenkins-core | = 2.107 |
pkg:maven/org.jenkins-ci.main/jenkins-core | = 2.89.4 |
- ID: MAVEN:GHSA-6MV9-HCX5-7MHH
- Severity: moderate
- URL: https://github.com/advisories/GHSA-6mv9-hcx5-7mhh
- Published: 2022-05-13T01:01:03 (2 years ago)
- Modified: 2023-01-27T05:02:05 (20 months ago)
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.main/jenkins-core | org.jenkins-ci.main | jenkins-core | >= 2.90 <= 2.106 | | | |
Fixed | pkg:maven/org.jenkins-ci.main/jenkins-core | org.jenkins-ci.main | jenkins-core | = 2.107 | | | |
Affected | pkg:maven/org.jenkins-ci.main/jenkins-core | org.jenkins-ci.main | jenkins-core | <= 2.89.3 | | | |
Fixed | pkg:maven/org.jenkins-ci.main/jenkins-core | org.jenkins-ci.main | jenkins-core | = 2.89.4 | | | |