Server-side Request Forgery (SSRF)
Affecting org.jenkins-ci.plugins:kanboard artifact, versions [,1.5.11)
org.jenkins-ci.plugins:kanboard is a Jenkins plugin that can create or update a Kanboard task as a post-build action, trigger a build when a task is created or moved, and fetch a task and its attachments as a build step.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF).
An attacker with Overall/Read permission could submit a GET request to an attacker-specified URL.
Upgrade org.jenkins-ci.plugins:kanboard to version 1.5.11 or higher.
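To check an installation against the affected range above, the following added example (not part of the advisory or the plugin's code) evaluates the Maven range `[,1.5.11)` over a plugin inventory. The JSON layout, the constructed sample and the short name `kanboard` are assumptions.

```python
import json
import re

AFFECTED_RANGE = "[,1.5.11)"  # Maven range quoted in the advisory
PLUGIN_ID = "kanboard"        # assumption: Jenkins short name equals the artifactId

# Constructed sample, shaped like a plugin-manager JSON export (assumed layout).
SAMPLE = json.dumps({"plugins": [
    {"shortName": "git", "version": "4.0.0"},
    {"shortName": "kanboard", "version": "1.5.10"},
]})

def parse_version(text):
    """Sortable key: numeric parts, then 0 for a qualified build (e.g. -SNAPSHOT), 1 for a release."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[-.](.+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:  # treat 1.5 and 1.5.0 as equal
        nums.pop()
    return (tuple(nums), 0 if m.group(2) else 1)

def in_range(version, rng):
    """Evaluate one Maven range: '[' or ']' inclusive, '(' or ')' exclusive, empty bound open."""
    m = re.fullmatch(r"([\[(])([^,]*),([^\])]*)([\])])", rng.strip())
    if not m:
        raise ValueError(f"unsupported range: {rng!r}")
    lo_br, lo, hi, hi_br = m.groups()
    v = parse_version(version)
    if lo.strip():
        low = parse_version(lo)
        if v < low or (v == low and lo_br == "("):
            return False
    if hi.strip():
        high = parse_version(hi)
        if v > high or (v == high and hi_br == ")"):
            return False
    return True

def audit(inventory_json):
    """Return 'affected', 'fixed' or 'not-installed' for the Kanboard plugin."""
    for plugin in json.loads(inventory_json).get("plugins", []):
        if plugin.get("shortName") == PLUGIN_ID:
            return "affected" if in_range(plugin["version"], AFFECTED_RANGE) else "fixed"
    return "not-installed"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Qualified builds such as `1.5.11-SNAPSHOT` are deliberately reported as affected, since they sort before the fixed release.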