This access-level information is often used to target phishing attacks: the attacker can impersonate a specific team member, making it more likely that an unsuspecting victim clicks the link in an email, which then opens an attacker-controlled web page in the browser and downloads malicious software. Avoid clicking on links in email messages.

Jenkins has a security mechanism called webhooks, which allows plugins to receive notifications when jobs are created, updated, or deleted. In this case, the webhook of the Jenkins plugin v1.751.1 and earlier was accessible to any user, including users with no permission to trigger the poll. To protect yourself from this type of attack, restrict access to the Jenkins server to users with permission to trigger the poll: a user who does not have permission to trigger the poll should not be able to see the webhook endpoint in Jenkins.
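The defect described above is a missing permission check on a webhook endpoint. The following Python model is an added illustration, not the Jenkins plugin's code: it places the pre-fix shape of the endpoint (any caller triggers the poll) beside the hardened shape (the caller's permission is checked before any work is done). The permission name, job and user records are constructed for the example.

```python
from dataclasses import dataclass

# Constructed permission name standing in for "permission to trigger the poll";
# not a real Jenkins identifier.
TRIGGER_POLL = "TriggerPoll"


@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset = frozenset()


@dataclass
class Job:
    name: str
    polls_triggered: int = 0

    def poll(self) -> None:
        """Stand-in for the SCM poll the webhook is meant to kick off."""
        self.polls_triggered += 1


def vulnerable_webhook(job: Job, caller: User) -> int:
    """Pre-fix shape of the endpoint: the poll runs for any caller,
    including users with no permission to trigger it."""
    job.poll()
    return 200


def hardened_webhook(job: Job, caller: User) -> int:
    """Post-fix shape: check the caller's permission before doing any work."""
    if TRIGGER_POLL not in caller.permissions:
        return 403          # refused: no poll, no side effect
    job.poll()
    return 200


# Constructed sample principals: one admin who may trigger polls, one
# read-only user, and the unauthenticated caller.
ADMIN = User("admin", frozenset({TRIGGER_POLL}))
READER = User("reader")
ANONYMOUS = User("anonymous")


def compare(callers=(ADMIN, READER, ANONYMOUS)) -> dict:
    """Drive both endpoints with the same callers and report who got a poll."""
    result = {}
    for label, handler in (("vulnerable", vulnerable_webhook),
                           ("hardened", hardened_webhook)):
        job = Job("example-job")
        statuses = {c.name: handler(job, c) for c in callers}
        result[label] = {"statuses": statuses, "polls": job.polls_triggered}
    return result


if __name__ == "__main__":
    print(compare())
```

Running it shows three polls triggered by the vulnerable endpoint against one by the hardened endpoint, with the reader and anonymous callers refused.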

CVE-2023-43411

CVE-2023-43411 was publicly disclosed in May 2018 by a researcher from Cisco Talos. This vulnerability is related to Jenkins webhooks and could allow an attacker who can trigger the poll to reset the password for any user in your organization, including administrators.

Timeline

Published on: 10/19/2022 16:15:00 UTC
Last modified on: 11/03/2022 17:43:00 UTC

References