Jenkins Fortify Plugin missing permission check

2023-08-2200:31:10

Google

osv.dev

jenkins

fortify plugin

permission checks

http

endpoints

csrf

vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

13.3%

JSON

Jenkins Fortify Plugin 22.1.38 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Fortify Plugin 22.2.39 requires POST requests and the appropriate permissions for the affected HTTP endpoints.

CPENameOperatorVersion
org.jenkins-ci.plugins:fortifyeq19.1.28
org.jenkins-ci.plugins:fortifyeq20.2.35
org.jenkins-ci.plugins:fortifyeq19.1.29
org.jenkins-ci.plugins:fortifyeq21.2.37
org.jenkins-ci.plugins:fortifyeq21.1.36
org.jenkins-ci.plugins:fortifyeq20.2.34
org.jenkins-ci.plugins:fortifyeq19.2.30
org.jenkins-ci.plugins:fortifyeq20.1.33
org.jenkins-ci.plugins:fortifyeq20.1.32
org.jenkins-ci.plugins:fortifyeq22.1.38

Name	Operator	Version
org.jenkins-ci.plugins:fortify	eq	19.1.28
org.jenkins-ci.plugins:fortify	eq	20.2.35
org.jenkins-ci.plugins:fortify	eq	19.1.29
org.jenkins-ci.plugins:fortify	eq	21.2.37
org.jenkins-ci.plugins:fortify	eq	21.1.36
org.jenkins-ci.plugins:fortify	eq	20.2.34
org.jenkins-ci.plugins:fortify	eq	19.2.30
org.jenkins-ci.plugins:fortify	eq	20.1.33
org.jenkins-ci.plugins:fortify	eq	20.1.32
org.jenkins-ci.plugins:fortify	eq	22.1.38