A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.
References
Link | Resource |
---|---|
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-975 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-08-01 13:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-1999038
Mitre link : CVE-2018-1999038
CVE.ORG link : CVE-2018-1999038
JSON object : View
Products Affected
jenkins
- publish_over_cifs
CWE
CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')