Bug 1596120 (CVE-2018-1000600) - CVE-2018-1000600 jenkins-plugin-github: CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials (SECURITY-915)
Summary: CVE-2018-1000600 jenkins-plugin-github: CSRF vulnerability and missing permis...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-1000600
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1597136
Blocks: 1596124
TreeView+ depends on / blocked
 
Reported: 2018-06-28 09:35 UTC by Adam Mariš
Modified: 2021-10-25 09:46 UTC (History)
10 users (show)

Fixed In Version: jenkins-plugin-github 1.29.2
Clone Of:
Environment:
Last Closed: 2021-10-25 09:46:45 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2018-06-28 09:35:22 UTC 
A form action method in GitHub Plugin did not check the permission of the user accessing it, allowing anyone with Overall/Read access to Jenkins to cause Jenkins to send a GitHub API request to create an API token to an attacker-specified URL.

This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, this form validation method did not require POST requests, resulting in a CSRF vulnerability.

External References:

https://jenkins.io/security/advisory/2018-06-25/
Note You need to log in before you can comment on or make changes to this bug.