CVE-2018-1000188Server-Side Request Forgery in Jenkins CAS

CWE-918Server-Side Request Forgery5 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
0.0%
top 91.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins CAS
Timeline
PublishedJun 5
Latest updateMay 14

Description

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

NVDjenkins/cas1.4.1

🔴Vulnerability Details

3
OSV
Jenkins CAS Plugin Server-Side Request Forgery vulnerability2022-05-14
GHSA
Jenkins CAS Plugin Server-Side Request Forgery vulnerability2022-05-14
CVEList
CVE-2018-1000188: A server-side request forgery vulnerability exists in Jenkins CAS Plugin 12018-06-05

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-06-042018-06-04
CVE-2018-1000188 — Server-Side Request Forgery | cvebase