oss-sec mailing list archives

Re: Multiple vulnerabilities in Jenkins plugins


From: Daniel Beck <ml () beckweb net>
Date: Mon, 25 Mar 2019 17:17:44 +0100



On 25. Mar 2019, at 16:09, Daniel Beck <ml () beckweb net> wrote:

> SECURITY-976
> Notification Plugin Plugin did not perform permission checks on a method
> implementing form validation. This allowed users with Overall/Read access
> to Jenkins to connect to an attacker-specified URL using attacker-specified
> credentials IDs obtained through another method, capturing credentials
> stored in Jenkins.
>
> Additionally, this form validation method did not require POST requests,
> resulting in a cross-site request forgery vulnerability.

Correction: This is about Slack Notification Plugin.
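As an added illustration that is not code from the Slack Notification Plugin, the advisory, or its author: a minimal Jenkins plugin descriptor whose form-validation method has the shape the message describes (no permission check, reachable by GET, resolves a caller-chosen credentials ID and sends the secret to a caller-chosen URL), beside the hardened form. The package, class and parameter names, the example URL path and the bearer-token request are assumptions; the Jenkins core, Stapler and Credentials Plugin APIs used are real.

```java
// Added example, not the Slack Notification Plugin's code. Package, class and
// parameter names and the bearer-token request are assumptions.
package example;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Collections;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.BuildStepMonitor;
import hudson.tasks.Notifier;
import hudson.tasks.Publisher;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

public class ExampleNotifier extends Notifier {

    @DataBoundConstructor
    public ExampleNotifier() {}

    @Override
    public BuildStepMonitor getRequiredMonitorService() {
        return BuildStepMonitor.NONE;
    }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Publisher> {

        public DescriptorImpl() {
            super(ExampleNotifier.class);
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        // VULNERABLE shape, as described in the advisory text: Stapler routes e.g.
        // GET /descriptorByName/example.ExampleNotifier/testConnectionVulnerable
        // here for any user with Overall/Read, no permission is checked, and the
        // method resolves a caller-chosen credentials ID and sends the secret to a
        // caller-chosen URL. Being reachable by GET also makes it a CSRF target.
        public FormValidation doTestConnectionVulnerable(@QueryParameter String url,
                                                         @QueryParameter String credentialsId) {
            return tryConnection(null, url, credentialsId);
        }

        // HARDENED shape: POST only (so Jenkins' CSRF crumb check applies), and the
        // caller must hold Item/Configure on the job whose form is being edited, or
        // Overall/Administer outside any job. A user with Item/Configure could
        // already use these credentials from a build, so nothing new is exposed.
        @RequirePOST
        public FormValidation doTestConnection(@AncestorInPath Item item,
                                               @QueryParameter String url,
                                               @QueryParameter String credentialsId) {
            if (item == null) {
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            } else {
                item.checkPermission(Item.CONFIGURE);
            }
            return tryConnection(item, url, credentialsId);
        }

        // Shared body: looks up a secret-text credential by ID in the given context
        // (null means the global scope) and sends it to the URL as a bearer token.
        private static FormValidation tryConnection(Item context, String url, String credentialsId) {
            StringCredentials cred = CredentialsMatchers.firstOrNull(
                    CredentialsProvider.lookupCredentials(StringCredentials.class, context,
                            ACL.SYSTEM, Collections.<DomainRequirement>emptyList()),
                    CredentialsMatchers.withId(credentialsId));
            if (cred == null) {
                return FormValidation.error("No credentials with ID " + credentialsId);
            }
            try {
                HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
                conn.setRequestMethod("POST");
                conn.setRequestProperty("Authorization", "Bearer " + cred.getSecret().getPlainText());
                conn.setDoOutput(true);
                conn.getOutputStream().close();
                int code = conn.getResponseCode();
                return code == 200 ? FormValidation.ok("Connected") : FormValidation.error("HTTP " + code);
            } catch (IOException e) {
                return FormValidation.error(e, "Connection failed");
            }
        }
    }
}
```

The two fixes are independent: `@RequirePOST` alone closes the CSRF vector but still lets any Overall/Read user exfiltrate secrets with a crafted POST, and the permission check alone still allows a GET-triggered CSRF against an administrator's browser; both are needed. Checking the permission against the `@AncestorInPath` item (rather than only `Jenkins.ADMINISTER`) keeps the validation usable for job owners while scoping it to credentials they could already consume in that job.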
