oss-sec mailing list archives
Re: Multiple vulnerabilities in Jenkins
From: Daniel Beck <ml () beckweb net>
Date: Wed, 28 Feb 2018 23:18:37 +0100
On 14. Feb 2018, at 16:35, Daniel Beck <ml () beckweb net> wrote:

SECURITY-506 The form validation for the proxy configuration form did not check the permission of the user accessing it, allowing anyone with Overall/Read access to Jenkins to cause Jenkins to send a GET request to a specified URL, optionally with a specified proxy configuration. If that request's HTTP response code indicates success, the form validation returns a generic success message; otherwise the HTTP status code is returned. It was not possible to reuse an existing proxy configuration to send those requests; that configuration had to be provided by the attacker.
CVE-2018-1000102
SECURITY-717 Jenkins did not take into account case-insensitive file systems when preventing access to plugin resource files that should not be accessible. This allowed users with Overall/Read permission to download plugin resource files in META-INF and WEB-INF directories, such as the plugins' JAR files, which could contain hardcoded secrets.
CVE-2018-1000103
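The file-system case-sensitivity issue behind SECURITY-717, shown as an added illustration that is not Jenkins code: a blocklist compared byte-for-byte against the request path, beside a check that normalises the path and compares case-insensitively, matching what a case-insensitive file system does when it opens the file. The function names, the treatment of every path segment and the assumption that URL decoding has already happened are choices of this example, not of Jenkins.

```python
"""Constructed example: guarding plugin resource paths (not Jenkins code).

A prefix blocklist that compares case exactly can be bypassed on a
case-insensitive file system (Windows, default macOS), because
"meta-inf/x" opens the same file as "META-INF/x". The hardened variant
normalises the path first and compares case-insensitively.
"""
import posixpath

# Directories whose contents must never be served (lower-cased for comparison).
RESTRICTED_DIRS = {"meta-inf", "web-inf"}


def is_restricted_naive(resource_path: str) -> bool:
    """Vulnerable pattern: exact-case prefix match on the raw request path."""
    return resource_path.startswith("META-INF/") or resource_path.startswith("WEB-INF/")


def is_restricted_hardened(resource_path: str) -> bool:
    """Deny if any normalised path segment names a restricted directory.

    Assumes the path is already URL-decoded by the servlet container.
    - backslashes are treated as separators (Windows containers do this)
    - '.' and '..' segments are collapsed before comparison
    - a path that climbs out of the resource root is denied outright
    - the comparison is case-insensitive, like the file system itself
    - checking every segment (not just the first) is deliberately conservative
    """
    unified = resource_path.replace("\\", "/").lstrip("/")
    segments = posixpath.normpath(unified).split("/")
    if segments[0] == "..":
        return True  # escapes the resource root: deny
    return any(seg.lower() in RESTRICTED_DIRS for seg in segments)
```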