[MAVEN:GHSA-6MV9-HCX5-7MHH] Server-Side Request Forgery in Jenkins

Severity Moderate

Affected Packages 2

Fixed Packages 2

CVEs 1

An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.

Package	Affected Version
pkg:maven/org.jenkins-ci.main/jenkins-core	>= 2.90, <= 2.106
pkg:maven/org.jenkins-ci.main/jenkins-core	<= 2.89.3

Package	Fixed Version
pkg:maven/org.jenkins-ci.main/jenkins-core	= 2.107
pkg:maven/org.jenkins-ci.main/jenkins-core	= 2.89.4

ID: MAVEN:GHSA-6MV9-HCX5-7MHH
Severity: moderate
URL: https://github.com/advisories/GHSA-6mv9-hcx5-7mhh
Published: 2022-05-13T01:01:03
(2 years ago)
Modified: 2023-01-27T05:02:05
(20 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2018-1000067
			https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506
			https://www.oracle.com/security-alerts/cpuapr2022.html
			https://github.com/jenkinsci/jenkins/commit/2d16b459205730d85e51499c2457109b234ca9d9
			https://github.com/advisories/GHSA-6mv9-hcx5-7mhh

Type	Package URL	Namespace	Name / Product	Version
Affected	pkg:maven/org.jenkins-ci.main/jenkins-core	org.jenkins-ci.main	jenkins-core	>= 2.90 <= 2.106
Fixed	pkg:maven/org.jenkins-ci.main/jenkins-core	org.jenkins-ci.main	jenkins-core	= 2.107
Affected	pkg:maven/org.jenkins-ci.main/jenkins-core	org.jenkins-ci.main	jenkins-core	<= 2.89.3
Fixed	pkg:maven/org.jenkins-ci.main/jenkins-core	org.jenkins-ci.main	jenkins-core	= 2.89.4

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date