[MAVEN:GHSA-9VRM-747R-668V] Jenkins Nexus Platform Plugin missing permission check
Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation.
This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.
Additionally, the plugin does not configure its XML parser to prevent XML external entity (XXE) attacks, so attackers can have Jenkins parse a crafted XML response that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
Additionally, these form validation methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.
Nexus Platform Plugin 3.18.1-01 configures its XML parser to prevent XML external entity (XXE) attacks.
Additionally, POST requests and Overall/Administer permission are required for the affected HTTP endpoints.
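The three fixes the advisory describes (require POST, require Overall/Administer, harden the XML parser) in one Jenkins form-validation method, as an added example that is not the plugin's own code. The `@POST`, `@QueryParameter`, `FormValidation` and `Jenkins.get().checkPermission` APIs are real Jenkins/Stapler APIs; the class name, method name, parameter name and the surrounding package are assumptions made for illustration.

```java
package example; // assumed package name for this illustration

import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;

public class HardenedServerValidation {

    // Compared with the pre-fix behaviour described in the advisory, this method
    //  1. is annotated @POST, so a plain GET (link, image tag, redirect) cannot trigger it (CSRF);
    //  2. checks Overall/Administer before doing anything, so Overall/Read users
    //     cannot steer Jenkins into fetching an arbitrary URL (SSRF);
    //  3. parses the response with a parser that refuses external entities (XXE).
    @POST
    public FormValidation doCheckServerUrl(@QueryParameter String value) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        try {
            URL url = new URL(value);
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setRequestMethod("GET");
            conn.setConnectTimeout(5_000);
            conn.setReadTimeout(5_000);
            try (InputStream body = conn.getInputStream()) {
                newSecureDocumentBuilder().parse(body);
            }
            return FormValidation.ok("Server responded with well-formed XML");
        } catch (Exception e) {
            // Report failure without echoing the fetched content back to the browser.
            return FormValidation.error("Could not validate server: " + e.getMessage());
        }
    }

    // A DocumentBuilder that cannot resolve external entities or load external DTDs.
    // Rejecting the DOCTYPE outright is the strongest setting; the remaining feature
    // flags are kept for parser implementations that ignore disallow-doctype-decl.
    static DocumentBuilder newSecureDocumentBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }
}
```

When auditing a plugin for this class of bug, the checklist is the same three items: every `doCheck*`/`doTest*`/`doFill*` method that performs a side effect or network call should carry `@POST` (or `@RequirePOST`), call `checkPermission` on the object it operates on before acting, and never hand untrusted bytes to a default-configured `DocumentBuilderFactory`, `SAXParserFactory` or `XMLInputFactory`.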
Package | Affected Version |
---|---|
pkg:maven/org.sonatype.nexus.ci/nexus-jenkins-plugin | < 3.18.1-01 |
Package | Fixed Version |
---|---|
pkg:maven/org.sonatype.nexus.ci/nexus-jenkins-plugin | = 3.18.1-01 |
- ID: MAVEN:GHSA-9VRM-747R-668V
- Severity: high
- URL: https://github.com/advisories/GHSA-9vrm-747r-668v
- Published: 2023-12-13T18:31:04
- Modified: 2023-12-18T23:39:41
- Rights: Maven Security Team
Other Advisories

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix
---|---|---|---|---|---|---|---
Affected | pkg:maven/org.sonatype.nexus.ci/nexus-jenkins-plugin | org.sonatype.nexus.ci | nexus-jenkins-plugin | < 3.18.1-01 | | |
Fixed | pkg:maven/org.sonatype.nexus.ci/nexus-jenkins-plugin | org.sonatype.nexus.ci | nexus-jenkins-plugin | = 3.18.1-01 | | |