Description

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/06/14/5

https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135

Related Vulnerabilities

CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-dbcp-base

CVE-2020-2185 Vulnerability in maven package org.jenkins-ci.plugins:ec2

CVE-2023-37602 Vulnerability in maven package org.opencms:opencms-core

CVE-2016-3092 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2023-37962 Vulnerability in maven package io.jenkins.plugins:benchmark-evaluator

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory