URLTrigger Plugin server-side request forgery vulnerability
Moderate severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Jun 26, 2018
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Jul 27, 2022
Last updated
Jan 27, 2023
Credits
-
westonsteimel Analyst
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. As of version 0.43, this form validation method no longer connects to a user provided URL.
References