CVE-2022-43413
The Jenkins Job Import Plugin 3.5 and earlier doesn't perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs.
When generating job configurations using the Jenkins import plugin, users must ensure that HTTP endpoints are configured to perform a permission check before allowing access to internal endpoints. If not, an attacker with Overall/Read permission on the Jenkins host could enumerate information about the Jenkins installations that are being imported, including passwords stored in Jenkins.
The Jenkins import plugin versions prior to 3.5 did not perform a permission check on HTTP endpoints, allowing attackers with Overall/Read permission to enumerate information about Jenkins installations that are being imported, including passwords stored in Jenkins. The following is an example of an attacker enumerating information about Jenkins installations that are being imported, including passwords stored in Jenkins:
<form method="POST" action="https://example.com/manage.php?plugin=jenkins-import&group=jenkins">
  <input type="hidden" name="plugin" value="jenkins-import">
  <input type="text" name="username" value="admin">
  <input type="password" name="credentials" value="secret">
  <input type="submit" value="Generate"/>
</form>
Mitigation
To keep the Jenkins Job Import plugin from exposing information about the Jenkins installations that are being imported, administrators must ensure that HTTP endpoints are configured to perform a permission check before allowing access to internal endpoints. If not, an attacker with Overall/Read permission on the Jenkins host could enumerate information about those installations, including passwords stored in Jenkins.
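The kind of permission check described above, as an added illustration that is not code from this page or from the Job Import Plugin. It assumes a form-fill handler built on the Credentials plugin's StandardListBoxModel; the class, method and parameter names are hypothetical, since the page does not name the affected endpoint.

```java
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.ListBoxModel;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

// Hypothetical form-fill handler; names are illustrative and do not come
// from the Job Import Plugin source.
public class RemoteSiteFormHandler {

    @POST // reject GET so the handler cannot be triggered by a plain link
    public ListBoxModel doFillCredentialIdItems(@AncestorInPath Item item,
                                                @QueryParameter String credentialId) {
        StandardListBoxModel result = new StandardListBoxModel();

        // Overall/Read alone must not be enough to list credentials:
        // require Administer globally, or Configure on the item in context.
        boolean allowed = (item == null)
                ? Jenkins.get().hasPermission(Jenkins.ADMINISTER)
                : item.hasPermission(Item.CONFIGURE);
        if (!allowed) {
            // Echo back only the value the caller already supplied, so the
            // form still renders but no stored credential IDs are disclosed.
            return result.includeCurrentValue(credentialId);
        }

        // Authorized callers get the selectable list of credential IDs.
        return result
                .includeEmptyValue()
                .includeAs(ACL.SYSTEM, item, StandardUsernamePasswordCredentials.class)
                .includeCurrentValue(credentialId);
    }
}
```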
Timeline
Published on: 10/19/2022 16:15:00 UTC
Last modified on: 10/21/2022 03:42:00 UTC