Vulnerability CVE-2018-8718


Published: 2018-03-27

Description:
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Jenkins Mailer Cross Site Request Forgery
Kl3_GMjq6
06.06.2018

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

Vendor: Jenkins
Product: Mailer 
Version: 1.20;

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.openwall.com/lists/oss-security/2018/03/26/3
http://www.securityfocus.com/bid/103691
https://jenkins.io/security/advisory/2018-03-26/
https://www.exploit-db.com/exploits/44843/

Related CVE
CVE-2019-10389
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
CVE-2019-10388
A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
CVE-2019-10387
A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained...
CVE-2019-10386
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credenti...
CVE-2019-10385
Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-10382
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.
CVE-2019-10381
Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.
CVE-2019-10380
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

Copyright 2019, cxsecurity.com

 

Back to Top