CVE-2018-1000184

CWE-918 — Server-Side Request Forgery (SSRF)7 documents7 sources

Severity

5.4MEDIUM

EPSS

0.0%

top 91.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Github

Timeline

PublishedJun 5

Latest updateMay 14

Description

A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶NVDjenkins/github1.29.0

▶Mavencom.coravy.hudson.plugins.github:github< 1.29.1

🔴Vulnerability Details

GHSA

Jenkins GitHub Plugin server-side request forgery vulnerability exists↗2022-05-14

▶

OSV

Jenkins GitHub Plugin server-side request forgery vulnerability exists↗2022-05-14

▶

CVEList

CVE-2018-1000184: A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1↗2018-06-05

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2018-06-04↗2018-06-04

▶

Red Hat

jenkins-plugin-github: Server-side request forgery vulnerability (SECURITY-799)↗2018-06-04

▶

💬Community

Bugzilla

CVE-2018-1000184 jenkins-plugin-github: Server-side request forgery vulnerability (SECURITY-799)↗2018-06-05

▶