CVE-2019-1003027

Summary

A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins OctopusDeploy Plugin1.8.1 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References