An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yZjdoLTltODUtNTM1ds4AAVXR

Jenkins Publisher Over CIFS Plugin confused deputy vulnerability

A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier that allows attackers to have Jenkins connect to an attacker-specified CIFS server with attacker-specified credentials. Additionally, this form validation method did not require POST requests, resulting in a CSRF vulnerability. As of version 0.11, this form validation method requires POST requests and Overall/Administer permissions.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 7 months ago

CVSS Score: 4.2
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Identifiers: GHSA-rf7h-9m85-535v, CVE-2018-1999038
Blast Radius: 1.0

Affected Packages

Affected Version Ranges: <= 0.10
Fixed in: 0.11