CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1003026
https://notcve.org/view.php?id=CVE-2019-1003026
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. Existe una vulnerabilidad Server-Side Request Forgery (SSRF) en Jenkins Mattermost Notification Plugin, en versiones 2.6.2 y anteriores, en MattermostNotifier.java, que permite que los atacantes con permisos Overall/Read hagan que Jenkins se conecte a un servidor Mattermost especificado por el atacante y reserve y envíe un mensaje. • http://www.securityfocus.com/bid/107295 https://jenkins.io/security/advisory/2019-02-19/#SECURITY-985 • CWE-918: Server-Side Request Forgery (SSRF) •