CVE-2019-1003020

MEDIUM

Jenkins Kanboard Plugin <1.5.10 - SSRF

Title source: llm

Description

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://jenkins.io/security/advisory/2019-01-28/#SECURITY-818

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 9.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-918

Status published

Products (2)

jenkins/kanboard < 1.5.10

org.jenkins-ci.plugins/kanboard 0 - 1.5.11Maven

Published Feb 06, 2019

Tracked Since Feb 18, 2026