[JENKINS:SECURITY-1005-1] CSRF vulnerability and missing permission checks in `kubernetes-ci` allowed capturing credentials

Severity High

Affected Packages 2

CVEs 2

kubernetes-ci does not perform permission checks on a method implementing form validation.
This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, the form validation method does not require POST requests, resulting in a CSRF vulnerability.

As of publication of this advisory, there is no fix.

Package	Affected Version
pkg:maven/org.jenkins-ci.plugins/kubernetes-ci	<= 1.3
pkg:github/jenkinsci/kubernetes-ci-plugin	<= 1.3

ID

JENKINS:SECURITY-1005-1

Severity

high

Published

2019-10-23T00:00:00
(4 years ago)

Modified

2019-10-23T00:00:00
(4 years ago)

Rights

Jenkins Security Team

Other Advisories

Source	# ID	Name	URL
Plugin repository		kubernetes-ci repository	https://github.com/jenkinsci/kubernetes-ci-plugin

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.jenkins-ci.plugins/kubernetes-ci	org.jenkins-ci.plugins	kubernetes-ci	<= 1.3
Affected	pkg:github/jenkinsci/kubernetes-ci-plugin	jenkinsci	kubernetes-ci-plugin	<= 1.3

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date