PT-2018-9351 · Jenkins · Jenkins Git Plugin

Author: Thomas De Grenier De Latour
Published: 2018-06-05
Updated: 2022-05-14
CVE: CVE-2018-1000182
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected software and versions: Jenkins Git Plugin version 3.9.0 and older

Description: A server-side request forgery (SSRF) issue exists that allows attackers with Overall/Read access to cause the system to send a GET request to a specified URL. This is due to vulnerabilities in certain Java files, including AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, and ViewGitWeb.java.

Recommendations: For Jenkins Git Plugin version 3.9.0 and older, consider restricting access to sensitive URLs and limiting the Overall/Read permissions to minimize the risk of exploitation. As a temporary workaround, consider disabling the affected Java files until a patch is available.
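An added inventory check, not part of this advisory or of the Jenkins project: it reads the plugin list Jenkins exposes at `<JENKINS_URL>/pluginManager/api/json?depth=1` (a constructed, trimmed sample is embedded) and flags a Git Plugin at version 3.9.0 or older as affected by CVE-2018-1000182.

```python
import json
import re
from typing import Optional

# Last affected version stated in the advisory: 3.9.0 and older.
LAST_AFFECTED = (3, 9, 0)

# Constructed sample of the JSON Jenkins returns from
# <JENKINS_URL>/pluginManager/api/json?depth=1, trimmed to the fields used here.
SAMPLE_PLUGIN_LIST = json.dumps({
    "plugins": [
        {"shortName": "workflow-aggregator", "version": "2.5", "active": True},
        {"shortName": "git-client", "version": "2.7.2", "active": True},
        {"shortName": "git", "version": "3.9.0", "active": True},
    ]
})

def parse_version(version: str) -> tuple:
    """Turn '3.9.0' or '4.0.0-beta1' into a comparable tuple padded to 3 parts.
    A pre-release suffix is dropped, so '4.0.0-beta1' compares as 4.0.0."""
    core = version.split("-", 1)[0]
    parts = [int(p) for p in re.findall(r"\d+", core)]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version: str) -> bool:
    """True when the Git Plugin version is 3.9.0 or older."""
    return parse_version(version) <= LAST_AFFECTED

def git_plugin_version(plugin_list_json: str) -> Optional[str]:
    """Return the active Git Plugin version from pluginManager JSON, or None."""
    for plugin in json.loads(plugin_list_json).get("plugins", []):
        if plugin.get("shortName") == "git" and plugin.get("active", True):
            return plugin.get("version")
    return None

def check_instance(plugin_list_json: str) -> str:
    """Summarise one Jenkins instance's exposure to CVE-2018-1000182."""
    version = git_plugin_version(plugin_list_json)
    if version is None:
        return "git plugin not installed or inactive: not affected"
    if is_affected(version):
        return f"git plugin {version}: AFFECTED (3.9.0 and older), update the plugin"
    return f"git plugin {version}: not affected"

if __name__ == "__main__":
    print(check_instance(SAMPLE_PLUGIN_LIST))
```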

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2018-1000182
GHSA-53WF-VQF9-CGF2

Affected Products

Jenkins
Jenkins Git Plugin