First published: Wed Aug 01 2018(Updated: )
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Confluence Publisher | <=2.0.1 | |
maven/org.jenkins-ci.plugins:confluence-publisher | <=2.0.1 | 2.0.2 |
<=2.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.