Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-8gc7-whph-rx5q: Jenkins Test Results Aggregator Plugin vulnerable to Cross Site Request Forgery

Jenkins Test Results Aggregator Plugin 1.2.13 and earlier does not perform a permission check in an HTTP endpoint implementing form validation.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.

Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

ghsa
#csrf#vulnerability#git#java#maven

Package

maven org.jenkins-ci.plugins:test-results-aggregator (Maven)

Affected versions

<= 1.2.13

Patched versions

None

Description

Jenkins Test Results Aggregator Plugin 1.2.13 and earlier does not perform a permission check in an HTTP endpoint implementing form validation.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.

Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2023-37955
  • https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3122

Published to the GitHub Advisory Database

Jul 12, 2023

Reviewed

Jul 12, 2023

Last updated

Jul 12, 2023

Related news

CVE-2023-37948: Jenkins Security Advisory 2023-07-12

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks.

CVE-2023-37963: Jenkins Security Advisory 2023-07-12

A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.

CVE-2023-37959: Jenkins Security Advisory 2023-07-12

A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

CVE-2023-37949: Jenkins Security Advisory 2023-07-12

A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2023-37942: Jenkins Security Advisory 2023-07-12

Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2023-37947: Jenkins Security Advisory 2023-07-12

Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

CVE-2023-37956: Jenkins Security Advisory 2023-07-12

A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

CVE-2023-37950: Jenkins Security Advisory 2023-07-12

A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2023-37951: Jenkins Security Advisory 2023-07-12

Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.

CVE-2023-37965: Jenkins Security Advisory 2023-07-12

A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2023-37945: Jenkins Security Advisory 2023-07-12

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.