PT-2018-15217 · Jenkins · Jenkins Publisher Over Cifs Plugin+1

Viktor Gazdag · Published 2018-08-01 · Updated 2022-05-14 · CVE-2018-1999038

CVSS v2.0: 4.9 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins Publisher Over CIFS Plugin versions 0.10 and earlier

Description

A confused deputy issue exists that allows attackers to have Jenkins connect to an attacker-specified CIFS server with attacker-specified credentials. Additionally, a CSRF issue is present due to a form validation method not requiring POST requests.

Recommendations

For Jenkins Publisher Over CIFS Plugin versions 0.10 and earlier, update to version 0.11 or later, which requires POST requests and Overall/Administer permissions for the form validation method, addressing both the confused deputy and CSRF issues.

Fix

Weakness Enumeration

Related identifiers

CVE-2018-1999038
GHSA-RF7H-9M85-535V

Affected products

Jenkins
Jenkins Publisher Over Cifs Plugin