Vulnerabilities > CVE-2019-1003020 - Server-Side Request Forgery (SSRF) vulnerability in Jenkins Kanboard

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

jenkins

CWE-918

NVD

Published: 2019-02-06

Updated: 2023-10-25

Summary

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Kanboard 1.5.5 Jenkins Kanboard 1.5.6 Jenkins Kanboard 1.5.7 Jenkins Kanboard 1.5.8 Jenkins Kanboard 1.5.9 Jenkins Kanboard 1.5.10	6

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://jenkins.io/security/advisory/2019-01-28/#SECURITY-818