Lucene search

GitHub Advisory DatabaseGHSA-G4PQ-P927-7PGG

HistoryAug 16, 2023 - 3:30 p.m.

Jenkins Blue Ocean Plugin cross-site request forgery vulnerability

2023-08-1615:30:18

CWE-352

GitHub Advisory Database

github.com

jenkins

blue ocean plugin

csrf

vulnerability

github

credentials

scm url

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.2%

JSON

Jenkins Blue Ocean Plugin 1.27.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.

This issue is due to an incomplete fix of SECURITY-2502.

Blue Ocean Plugin 1.27.5.1 uses the configured SCM URL, instead of a user-specified URL provided as a parameter to the HTTP endpoint.

Affected configurations

Vulners

Node

io.jenkins.blueocean\Matchblueocean

References

www.openwall.com/lists/oss-security/2023/08/16/3

github.com/advisories/GHSA-g4pq-p927-7pgg

nvd.nist.gov/vuln/detail/CVE-2023-40341

www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.2%

JSON

Related for GHSA-G4PQ-P927-7PGG