When generating job configurations using the Jenkins import plugin, users must ensure that HTTP endpoints are configured to perform a permission check before allowing access to internal endpoints. If not, an attacker with Overall/Read permission on the Jenkins host could enumerate information about the Jenkins installations that are being imported, including passwords stored in Jenkins.

Versions of the Jenkins import plugin prior to 3.5 did not perform a permission check on HTTP endpoints, allowing attackers with Overall/Read permission to enumerate information about Jenkins installations that are being imported, including passwords stored in Jenkins. The following is an example of an attacker enumerating this information:

<form method="POST" action="https://example.com/manage.php?plugin=jenkins-import&group=jenkins">
  <input type="hidden" name="plugin" value="jenkins-import">
  <input type="text" name="username" value="admin">
  <input type="password" name="credentials" value="secret">
  <input type="submit" value="Generate"/>
</form>


Mitigation

To protect against the Jenkins Job Import plugin enumerating information about Jenkins installations that are being imported, administrators must ensure that HTTP endpoints are configured to perform a permission check before allowing access to internal endpoints. Otherwise, an attacker with Overall/Read permission on the Jenkins host could enumerate that information, including passwords stored in Jenkins.
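
One way for an administrator to check whether an installation falls in the affected range (versions prior to 3.5). This is an added example, not code from the advisory or the plugin. It assumes the plugin's short name is job-import-plugin and that the inventory is JSON shaped like the output of Jenkins' /pluginManager/api/json?depth=1; the sample inventory is constructed.

```python
import json
import re

# Assumption: short name under which the Job Import plugin is listed.
PLUGIN_SHORT_NAME = "job-import-plugin"
# From the advisory text: versions prior to 3.5 lack the permission check.
FIXED_VERSION = "3.5"

def version_key(version):
    """Turn '3.4.1' or '3.5-rc1' into a comparable tuple of release numbers."""
    release = re.split(r"[-+_]", version.strip(), maxsplit=1)[0]
    parts = []
    for piece in release.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    while len(parts) > 1 and parts[-1] == 0:  # treat 3.5.0 the same as 3.5
        parts.pop()
    return tuple(parts)

def is_affected(version, fixed=FIXED_VERSION):
    """True when the version sorts before the fixed release.

    Pre-release builds of the fixed version are flagged too, since they
    cannot be assumed to contain the fix.
    """
    key, fixed_key = version_key(version), version_key(fixed)
    prerelease = re.search(r"-(alpha|beta|rc|snapshot)", version, re.I) is not None
    return key < fixed_key or (key == fixed_key and prerelease)

def audit(inventory_json):
    """Return (version, state) for each affected Job Import plugin entry."""
    findings = []
    for plugin in json.loads(inventory_json).get("plugins", []):
        if plugin.get("shortName") != PLUGIN_SHORT_NAME:
            continue
        version = plugin.get("version", "")
        if is_affected(version):
            state = "active" if plugin.get("active") else "installed but inactive"
            findings.append((version, state))
    return findings

# Constructed sample inventory, not taken from a real controller.
SAMPLE = json.dumps({"plugins": [
    {"shortName": "git", "version": "5.2.0", "active": True},
    {"shortName": "job-import-plugin", "version": "3.4", "active": True},
]})

if __name__ == "__main__":
    for version, state in audit(SAMPLE):
        print(f"{PLUGIN_SHORT_NAME} {version} ({state}): upgrade to {FIXED_VERSION} or later")
```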

CVE-2023-43414


Timeline

Published on: 10/19/2022 16:15:00 UTC
Last modified on: 10/21/2022 03:42:00 UTC
