CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF

2022-03-1600:00:44

Google

osv.dev

0.001 Low

EPSS

Percentile

34.5%

JSON

Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not perform a permission check on form validation methods. This allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Additionally, these form validation methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

CPENameOperatorVersion
org.jenkins-ci.plugins:extended-choice-parametereq0.36
org.jenkins-ci.plugins:extended-choice-parametereq346.vd87693c5a_86c
org.jenkins-ci.plugins:extended-choice-parametereq0.64
org.jenkins-ci.plugins:extended-choice-parametereq0.69
org.jenkins-ci.plugins:extended-choice-parametereq0.54
org.jenkins-ci.plugins:extended-choice-parametereq0.19
org.jenkins-ci.plugins:extended-choice-parametereq0.43
org.jenkins-ci.plugins:extended-choice-parametereq0.35
org.jenkins-ci.plugins:extended-choice-parametereq0.53
org.jenkins-ci.plugins:extended-choice-parametereq0.75

Name	Operator	Version
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.36
org.jenkins-ci.plugins:extended-choice-parameter	eq	346.vd87693c5a_86c
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.64
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.69
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.54
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.19
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.43
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.35
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.53
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.75