Description

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/06/14/5

https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135

Related Vulnerabilities

CVE-2022-36098 Vulnerability in maven package org.xwiki.platform:xwiki-platform-mentions-ui

CVE-2019-1003059 Vulnerability in maven package org.jvnet.hudson.plugins:ftppublisher

CVE-2022-31139 Vulnerability in maven package io.github.karlatemp:unsafe-accessor

CVE-2021-26117 Vulnerability in maven package org.apache.activemq:activemq-jaas

CVE-2023-31826 Vulnerability in maven package org.skyscreamer:nevado-jms

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory