Red Hat Bugzilla – Bug 1471046
CVE-2017-1000085 jenkins-plugin-subversion: CSRF vulnerability and insufficient permission checks allow capturing credentials (SECURITY-303)
Last modified: 2017-08-18 01:25:53 EDT
Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags).
This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them.
Additionally, this functionality did not require that POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks.
Name: the Jenkins project
Upstream: Jesse Glick (CloudBees)
This issue affects the versions of jenkins-plugin-subversion as shipped with Red Hat OpenShift Enterprise 3. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
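To make the two flaws in the description concrete, here is a hypothetical Jenkins form-validation method in its vulnerable shape beside a hardened one. This is an added illustration, not the Subversion Plugin's own code; the class, method and parameter names and the `connectAndCheck` stand-in are assumptions.

```java
import hudson.model.Item;
import hudson.util.FormValidation;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

public class RepositoryValidation {

    // Stand-in for the code that opens a connection to the user-supplied
    // repository URL using the credential with the given ID (hypothetical).
    static FormValidation connectAndCheck(Item context, String remote, String credentialsId) {
        return FormValidation.ok();
    }

    // Vulnerable shape: reachable by GET, so a page on another site can make
    // the browser trigger it (CSRF), and gated only on Item/Build, which any
    // user allowed to start builds holds. The server then connects to an
    // attacker-chosen host and presents the named credential.
    public FormValidation doCheckRemoteVulnerable(@AncestorInPath Item context,
                                                  @QueryParameter String remote,
                                                  @QueryParameter String credentialsId) {
        if (context != null) {
            context.checkPermission(Item.BUILD);
        }
        return connectAndCheck(context, remote, credentialsId);
    }

    // Hardened shape: @RequirePOST rejects GET requests (Jenkins' CSRF crumb
    // check then applies to the POST), and Item/Configure on the enclosing
    // item is required before any outbound connection is attempted.
    // Callers without it get a neutral result and no connection is made.
    @RequirePOST
    public FormValidation doCheckRemote(@AncestorInPath Item context,
                                        @QueryParameter String remote,
                                        @QueryParameter String credentialsId) {
        if (context == null || !context.hasPermission(Item.CONFIGURE)) {
            return FormValidation.ok();
        }
        return connectAndCheck(context, remote, credentialsId);
    }
}
```

Auditing for this pattern means looking for every `do*` validation or fill method that reaches the network with a credential and confirming it carries both the POST requirement and a Configure-level permission check.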