cpe:/a:jenkins:git:3.9.0::~~~jenkins~~ CVE-2018-1000182 2018-06-05T16:29:00.373-04:00 2018-07-18T14:06:06.280-04:00 5.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL NONE http://nvd.nist.gov 2018-07-16T10:36:38.780-04:00 CONFIRM https://jenkins.io/security/advisory/2018-06-04/#SECURITY-810 A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.