CVE-2019-1003026
MEDIUM4.3EPSS 0.03%Jenkins Mattermost Notification Plugin vulnerable to SSRF
發布日:2022/5/13修改日:2024/2/16
描述
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.
受影響套件(1)
- Maven/org.jenkins-ci.plugins:mattermostfrom 0, < 2.6.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |