CVE-2018-1000185

CWE-918 — Server-Side Request Forgery (SSRF)7 documents7 sources

Severity

4.3MEDIUM

EPSS

0.0%

top 87.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Github Branch Source

Timeline

PublishedJun 5

Latest updateMay 14

Description

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶Mavenorg.jenkins-ci.plugins:github-branch-source< 2.3.5

▶NVDjenkins/github_branch_source2.3.4

🔴Vulnerability Details

GHSA

Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery↗2022-05-14

▶

OSV

Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery↗2022-05-14

▶

CVEList

CVE-2018-1000185: A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2↗2018-06-05

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2018-06-04↗2018-06-04

▶

Red Hat

jenkins-plugin-github-branch-source: Server-side request forgery vulnerability (SECURITY-806)↗2018-06-04

▶

💬Community

Bugzilla

CVE-2018-1000185 jenkins-plugin-github-branch-source: Server-side request forgery vulnerability (SECURITY-806)↗2018-06-05

▶