GHSA-r72x-2h45-p59x: Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery


Package

org.jenkins-ci.plugins:ease-plugin (Maven)

Affected versions

<= 2.6

Patched versions

None

Description

Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.
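
The two controls the description says are missing, a permission check and a POST-only restriction, applied to a Jenkins form-validation endpoint that connects to a user-supplied URL with a chosen credential. This is an added example written here, not code from the affected plugin; the class and method names, the `url` and `credentialsId` parameters, and the credential type are assumptions.

```java
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.util.Collections;

/**
 * Hypothetical descriptor (names assumed, not the plugin's own) showing the
 * two gates that the advisory describes as absent: an explicit permission
 * check and a POST-only verb restriction on a "test connection" endpoint.
 */
public class PublisherDescriptorExample {

    // @POST makes Stapler reject GET requests, so the endpoint can no longer be
    // reached via a link or image and is covered by Jenkins' CSRF crumb check.
    @POST
    public FormValidation doTestConnection(@AncestorInPath Item item,
                                           @QueryParameter String url,
                                           @QueryParameter String credentialsId) {
        // Require the permission that corresponds to configuring this
        // integration, not merely Overall/Read; throws AccessDeniedException.
        if (item == null) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        } else {
            item.checkPermission(Item.CONFIGURE);
        }

        // Resolve the credential only within the item's context, so an ID the
        // caller obtained elsewhere cannot select a credential outside that scope.
        StandardUsernamePasswordCredentials creds = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class,
                        item, ACL.SYSTEM, Collections.emptyList()),
                CredentialsMatchers.withId(credentialsId));
        if (creds == null) {
            return FormValidation.error("Credential not found in this context");
        }
        // The actual connection attempt to `url` with `creds` belongs here,
        // after both gates have passed (assumed, not shown).
        return FormValidation.ok("Connection settings accepted");
    }
}
```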

References

  • https://nvd.nist.gov/vuln/detail/CVE-2023-35148
  • https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-2911
  • http://www.openwall.com/lists/oss-security/2023/06/14/5

Published to the GitHub Advisory Database

Jun 14, 2023

Reviewed

Jun 14, 2023

Last updated

Jun 14, 2023

Related news

CVE-2023-32261: Jenkins Security Advisory 2023-06-14

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: https://www.jenkins.io/security/advisory/2023-06-14/

CVE-2023-3315: Jenkins Security Advisory 2023-06-14

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CVE-2023-35141: Jenkins Security Advisory 2023-06-14

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

CVE-2023-35146: Jenkins Security Advisory 2023-06-14

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.

CVE-2023-35142: Jenkins Security Advisory 2023-06-14

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.

CVE-2023-35147: Jenkins Security Advisory 2023-06-14

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.

CVE-2023-35143: Jenkins Security Advisory 2023-06-14

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`.

CVE-2023-35149: Jenkins Security Advisory 2023-06-14

A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

CVE-2023-35145: Jenkins Security Advisory 2023-06-14

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.

CVE-2023-35144: Jenkins Security Advisory 2023-06-14

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.