Bug 1561287 (CVE-2018-8718)

Summary: CVE-2018-8718 jenkins-plugin-mailer: Missing permissions check in Mailer.java:doSendTestMail() allows unauthorised users to send mail
Product: [Other] Security Response
Reporter: Sam Fowler <sfowler>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: ahardin, bleanhar, ccoleman, dbaker, dedgar, java-sig-commits, jgoulding, jokerman, mchappel, mizdebsk, msrb
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2021-10-21 19:59:21 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 1561288, 1565297
Bug Blocks: 1561289

Description Sam Fowler 2018-03-28 03:47:02 UTC
The Jenkins Mailer Plugin through version 1.20 is missing a permissions check in the Mailer.java:doSendTestMail() function. Users with Overall/Read access are able to connect to a user-specified mail server with user-specified credentials to send a test email to a user-specified email address. The email subject and body could not be changed. This could result in DoS if, for example, a valid mail server but invalid credentials are specified.

As the same URL did not require POST to be used, it was also vulnerable to cross-site request forgery.


Upstream Advisory:

https://jenkins.io/security/advisory/2018-03-26/


Upstream Patch:

https://github.com/jenkinsci/mailer-plugin/commit/98e79cf904769907f83894e29f50ed6b3e7eb135
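
An illustration of the two missing controls the description names, added here as a sketch and not the Mailer plugin's actual code: the vulnerable shape of a Stapler form-validation method beside a hardened one that checks Overall/Administer and requires POST. The class name, the query parameter names, and the sendTestMessage helper are assumptions about a typical plugin; the real fix is in the upstream commit linked above.

```java
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

// Illustrative sketch, not the plugin's real code. Stapler exposes a
// public doXxx() method on a descriptor as a web endpoint, so whatever
// guards the method must live inside it.
public class MailerDescriptorSketch {

    // BEFORE: the shape of the reported bug. No permission check and no
    // POST requirement, so any Overall/Read user (or a victim's browser in
    // a CSRF scenario, since GET is accepted) makes the server open a
    // connection to a caller-chosen SMTP host with caller-chosen credentials.
    public FormValidation doSendTestMail(
            @QueryParameter String smtpServer,
            @QueryParameter String smtpAuthUserName,
            @QueryParameter String smtpAuthPassword,
            @QueryParameter String sendTestMailTo) {
        sendTestMessage(smtpServer, smtpAuthUserName, smtpAuthPassword, sendTestMailTo);
        return FormValidation.ok("Email was successfully sent");
    }

    // AFTER: the hardened shape. checkPermission() throws
    // AccessDeniedException for anyone without Overall/Administer, and
    // @RequirePOST rejects GET, which also brings the request under Jenkins'
    // CSRF crumb check when CSRF protection is enabled.
    @RequirePOST
    public FormValidation doSendTestMailHardened(
            @QueryParameter String smtpServer,
            @QueryParameter String smtpAuthUserName,
            @QueryParameter String smtpAuthPassword,
            @QueryParameter String sendTestMailTo) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        sendTestMessage(smtpServer, smtpAuthUserName, smtpAuthPassword, sendTestMailTo);
        return FormValidation.ok("Email was successfully sent");
    }

    // Assumed helper: this is where the outbound SMTP connection (the
    // resource-consuming step the description calls out) would happen.
    private void sendTestMessage(String host, String user, String pass, String to) {
        throw new UnsupportedOperationException("SMTP send omitted from sketch");
    }
}
```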

Comment 1 Sam Fowler 2018-03-28 03:47:37 UTC
Created jenkins-mailer-plugin tracking bugs for this issue:

Affects: fedora-all [bug 1561288]