Server-side Request Forgery Vulnerability in Jenkins 2.120 and Older: Arbitrary URL Submission and Response Verification
CVE-2018-1000195 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not.
Learn more about our Cis Benchmark Audit For Server Software.