Medium severity5.4NVD Advisory· Published Jun 5, 2018· Updated Jun 17, 2026
CVE-2018-1000188
CVE-2018-1000188
Description
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:cas-pluginMaven | < 1.4.2 | 1.4.2 |
Affected products
1Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-f8r7-7hv9-7f43ghsaADVISORY
- jenkins.io/security/advisory/2018-06-04/nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1000188ghsaADVISORY
- github.com/jenkinsci/cas-plugin/commit/25d952151d61dec3627e875f03ac4f648d5e883dghsaWEB
News mentions
0No linked articles in our index yet.