Lucene search

GoogleOSV:GHSA-G4PQ-P927-7PGG

HistoryAug 16, 2023 - 3:30 p.m.

Jenkins Blue Ocean Plugin cross-site request forgery vulnerability

2023-08-1615:30:18

Google

osv.dev

jenkins

blue ocean

plugin

cross-site request forgery

vulnerability

http

endpoint

github

credentials

scm url

security fix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.2%

JSON

Jenkins Blue Ocean Plugin 1.27.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.

This issue is due to an incomplete fix of SECURITY-2502.

Blue Ocean Plugin 1.27.5.1 uses the configured SCM URL, instead of a user-specified URL provided as a parameter to the HTTP endpoint.

References

www.openwall.com/lists/oss-security/2023/08/16/3

nvd.nist.gov/vuln/detail/CVE-2023-40341

www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.2%

JSON

Related for OSV:GHSA-G4PQ-P927-7PGG