Lucene search

GitHub Advisory DatabaseGHSA-X8J7-VXH9-P67G

HistoryOct 19, 2022 - 7:00 p.m.

CSRF vulnerability in Jenkins Katalon Plugin allows capturing credentials

2022-10-1919:00:18

CWE-352

GitHub Advisory Database

github.com

jenkins

katalon plugin

csrf

vulnerability

http endpoints

credentials

post requests

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

36.8%

JSON

Katalon Plugin 1.0.33 and earlier does not require POST requests for several HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities.

This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Katalon Plugin 1.0.34 requires POST requests for the affected HTTP endpoints.

Affected configurations

Vulners

Node

org.jenkinsci.plugins\Matchkatalon

References

www.openwall.com/lists/oss-security/2022/10/19/3

github.com/advisories/GHSA-x8j7-vxh9-p67g

nvd.nist.gov/vuln/detail/CVE-2022-43418

www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(2)

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

36.8%

JSON

Related for GHSA-X8J7-VXH9-P67G