https://bugzilla.redhat.com/show_bug.cgi?id=1576712
Bug ID: 1576712
Summary: jenkins: Users with Overall/Read permission were able
to send GET requests to any URL (SECURITY-794)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: ahardin(a)redhat.com, bleanhar(a)redhat.com,
ccoleman(a)redhat.com, dedgar(a)redhat.com,
dmcphers(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jgoulding(a)redhat.com, jokerman(a)redhat.com,
kseifried(a)redhat.com, mchappel(a)redhat.com,
mizdebsk(a)redhat.com, msrb(a)redhat.com
The form validation code for a tool installer improperly checked permissions,
allowing any user with Overall/Read permission to submit an HTTP GET request to
any user-specified URL and learn whether the response was successful (HTTP
200) or not.
Additionally, this functionality did not require that POST requests be used,
thereby allowing the above to be performed through Cross-Site Request Forgery
attacks, without direct access to Jenkins.
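Added example, not code from the Jenkins project or this bug report: the form-validation pattern described above, with the vulnerable shape beside the hardened one, written against the standard Jenkins/Stapler APIs (FormValidation, @QueryParameter, @RequirePOST, Jenkins.checkPermission). The descriptor class, the field name and the probe helper are hypothetical.

```java
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.net.HttpURLConnection;
import java.net.URL;

// Hypothetical descriptor for a tool installer; the doCheck* methods are the
// Stapler form-validation endpoints that the UI calls while a field is edited.
public class ExampleInstallerDescriptor {

    // VULNERABLE pattern: no permission check beyond being able to reach the
    // descriptor (Overall/Read), and GET is accepted. Jenkins fetches whatever
    // URL the caller supplies and reveals whether it answered HTTP 200, so any
    // low-privilege user, or a CSRF link aimed at one, can use it as a probe.
    public FormValidation doCheckUrlVulnerable(@QueryParameter String value) {
        return probe(value);
    }

    // HARDENED pattern: (1) require Overall/Administer, the permission actually
    // needed to configure a tool installer, so ordinary users cannot make
    // Jenkins send requests on their behalf; (2) require POST, so the check
    // cannot be triggered cross-site by a crafted link or image tag.
    @RequirePOST
    public FormValidation doCheckUrl(@QueryParameter String value) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return probe(value);
    }

    // Shared helper: the server-side request whose outcome is reported back.
    private static FormValidation probe(String value) {
        try {
            HttpURLConnection c = (HttpURLConnection) new URL(value).openConnection();
            c.setRequestMethod("HEAD");
            c.setConnectTimeout(5000);
            c.setReadTimeout(5000);
            return c.getResponseCode() == HttpURLConnection.HTTP_OK
                    ? FormValidation.ok()
                    : FormValidation.error("URL did not return HTTP 200");
        } catch (Exception e) {
            return FormValidation.error("Invalid or unreachable URL: " + e.getMessage());
        }
    }
}
```

Reviewing plugin code for doCheck*/doFill*/doTest* methods that perform network or file access without both a permission check and @RequirePOST is the practical way to find this class of defect.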
External References:
https://jenkins.io/security/advisory/2018-05-09/