CVE-2018-1999026
published 2018-08-01CVE-2018-1999026: A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have…
medium6.5CVSS 3.0
AVNACLPRLUINSUCNIHAN
A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | accurev_plugin | — | — |
| jenkins | agiletestware_pangolin_connector_for_testrail_plugin | — | — |
| jenkins | anchore_container_image_scanner_plugin | — | — |
| jenkins | confluence_publisher_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | inedo_buildmaster_plugin | — | — |
| jenkins | inedo_proget_plugin | — | — |
| jenkins | kubernetes_plugin | — | — |
| jenkins | publish_over_cifs_plugin | — | — |
| jenkins | read_access_to_jenkins_to_override_the_plugin | — | — |
| jenkins | resource_disposer_plugin | — | — |
| jenkins | saltstack_plugin | — | — |
| jenkins | shelve_project_plugin | — | — |
| jenkins | ssh_agent_plugin | — | — |
| jenkins | tinfoil_security_plugin | — | — |
| jenkins | tracetronic_ecu-test | <= 2.3 | — |
| jenkins | tracetronic_ecu-test_plugin | — | — |