CVE-2019-1003027

Name of the Vulnerable Software and Affected Versions: Jenkins OctopusDeploy Plugin versions 1.8.1 and earlier

Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have the server connect to an attacker-specified URL and obtain the HTTP response code if successful, or an exception error message otherwise.

Recommendations: For Jenkins OctopusDeploy Plugin versions 1.8.1 and earlier, consider restricting access to the OctopusDeployPlugin.java file until a patch is available. As a temporary workaround, limit the Overall/Read permission to minimize the risk of exploitation.