CVE-2019-1003026 — Server-Side Request Forgery in Jenkins Mattermost
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 91.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 20
Latest updateMay 13
Description
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4