CVE-2019-1003020

Name of the Vulnerable Software and Affected Versions: Jenkins Kanboard Plugin versions 1.5.10 and earlier

Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL, potentially leading to unauthorized access.

Recommendations: For Jenkins Kanboard Plugin versions 1.5.10 and earlier, consider restricting access to the KanboardGlobalConfiguration.java configuration until a patch is available. As a temporary workaround, limit the Overall/Read permission to minimize the risk of exploitation.