Jenkins AppSpider Plugin missing permission check

2023-05-1618:30:16

Google

osv.dev

jenkins

appspider

plugin

permission check

vulnerability

csrf

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.0005 Low

EPSS

Percentile

17.5%

JSON

Jenkins AppSpider Plugin 1.0.15 and earlier does not perform a permission check in a method implementing form validation.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.

Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

AppSpider Plugin 1.0.16 requires POST requests and Overall/Administer permission for the affected form validation method.

CPENameOperatorVersion
com.rapid7:jenkinsci-appspider-plugineq1.0.2
com.rapid7:jenkinsci-appspider-plugineq1.0.12
com.rapid7:jenkinsci-appspider-plugineq1.0.4
com.rapid7:jenkinsci-appspider-plugineq1.0.5
com.rapid7:jenkinsci-appspider-plugineq1.0.11
com.rapid7:jenkinsci-appspider-plugineq1.0.15
com.rapid7:jenkinsci-appspider-plugineq1.0.8
com.rapid7:jenkinsci-appspider-plugineq1.0.10
com.rapid7:jenkinsci-appspider-plugineq1.0.3
com.rapid7:jenkinsci-appspider-plugineq1.0.7

Name	Operator	Version
com.rapid7:jenkinsci-appspider-plugin	eq	1.0.2
com.rapid7:jenkinsci-appspider-plugin	eq	1.0.12
com.rapid7:jenkinsci-appspider-plugin	eq	1.0.4
com.rapid7:jenkinsci-appspider-plugin	eq	1.0.5
com.rapid7:jenkinsci-appspider-plugin	eq	1.0.11
com.rapid7:jenkinsci-appspider-plugin	eq	1.0.15
com.rapid7:jenkinsci-appspider-plugin	eq	1.0.8
com.rapid7:jenkinsci-appspider-plugin	eq	1.0.10
com.rapid7:jenkinsci-appspider-plugin	eq	1.0.3
com.rapid7:jenkinsci-appspider-plugin	eq	1.0.7