Description
Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require that POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks.
Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin.
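The two weaknesses named above (the wrong permission on a form-validation endpoint, and the endpoint being reachable by GET so it can be driven cross-site) map onto a well-known Jenkins plugin pattern. The following is an added example, not the Subversion plugin's own code: `doCheckRemote`, `doFillCredentialsIdItems` and the `probeRepository` helper are hypothetical names, and the class stands in for the descriptor on which such Stapler-dispatched methods would normally live. It shows the flawed shape described in the advisory beside the hardened form that Jenkins' form-validation guidance calls for: `@RequirePOST` so a browser cannot trigger the probe with a plain cross-site GET, and an Item/Configure (or, with no job in the request path, Overall/Administer) check that quietly returns an empty result when the caller is not allowed to reconfigure the job.

```java
// Added example, not the Subversion plugin's code. Method and helper names
// are assumptions; the Jenkins/Stapler APIs used are real.
import hudson.model.Item;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

public class ExampleScmFormValidation {

    private static final Set<String> ALLOWED_SCHEMES = Set.of("svn", "http", "https");

    // BEFORE (the flawed shape the advisory describes): no @RequirePOST, so a
    // GET from any site the user visits reaches it, and Item/Build is enough,
    // so anyone who can merely trigger builds can make the controller contact
    // an arbitrary server with the credential of a known ID.
    public FormValidation doCheckRemoteWeak(@AncestorInPath Item item,
                                            @QueryParameter String value,
                                            @QueryParameter String credentialsId) {
        if (item != null) {
            item.checkPermission(Item.BUILD);
        }
        return probeRepository(value, credentialsId);
    }

    // AFTER: POST only (Jenkins' crumb/CSRF protection then applies) and the
    // caller must be able to reconfigure the job, which is the permission
    // needed to change the repository URL in the first place.
    @RequirePOST
    public FormValidation doCheckRemote(@AncestorInPath Item item,
                                        @QueryParameter String value,
                                        @QueryParameter String credentialsId) {
        if (!callerMayConfigure(item)) {
            // Return a neutral result instead of throwing: the form still
            // renders for read-only viewers and nothing about the remote leaks.
            return FormValidation.ok();
        }
        if (!hasAllowedScheme(value)) {
            return FormValidation.error("Repository URL must use svn, http or https");
        }
        return probeRepository(value, credentialsId);
    }

    // Same gate on the credentials dropdown: an unauthorized caller gets an
    // empty list rather than the IDs of credentials stored on the job.
    @RequirePOST
    public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item) {
        ListBoxModel model = new ListBoxModel();
        if (!callerMayConfigure(item)) {
            return model;
        }
        // A real plugin would populate this from CredentialsProvider here.
        return model;
    }

    // Item/Configure when validating inside a job; Overall/Administer when the
    // same field appears in global configuration and no Item is in the path.
    static boolean callerMayConfigure(Item item) {
        return item == null
                ? Jenkins.get().hasPermission(Jenkins.ADMINISTER)
                : item.hasPermission(Item.CONFIGURE);
    }

    static boolean hasAllowedScheme(String url) {
        if (url == null || url.isBlank()) {
            return false;
        }
        try {
            String scheme = new URI(url.trim()).getScheme();
            return scheme != null && ALLOWED_SCHEMES.contains(scheme.toLowerCase());
        } catch (URISyntaxException e) {
            return false;
        }
    }

    // Hypothetical stand-in for the network probe the plugin performs (listing
    // tags, etc.); the point of the example is the gate in front of it.
    private static FormValidation probeRepository(String url, String credentialsId) {
        return FormValidation.ok("Would contact " + url + " using credential " + credentialsId);
    }
}
```

The order of checks matters: the permission gate runs before any parsing or network activity, so an unauthorized request never causes the controller to open a connection. `Jenkins.get()` requires Jenkins 2.98 or later; on older cores the equivalent is `Jenkins.getInstance()`.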
Statement
This issue affects the versions of jenkins-plugin-subversion as shipped with Red Hat OpenShift Enterprise 3. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Enterprise 3 | jenkins-plugin-subversion | Will not fix | | |
| Red Hat OpenShift Container Platform 3.6 | atomic-openshift | Fixed | RHBA-2017:2642 | 08.09.2017 |
| Red Hat OpenShift Container Platform 3.6 | fluentd | Fixed | RHBA-2017:2642 | 08.09.2017 |
| Red Hat OpenShift Container Platform 3.6 | jenkins-2-plugins | Fixed | RHBA-2017:2642 | 08.09.2017 |
| Red Hat OpenShift Container Platform 3.6 | kibana | Fixed | RHBA-2017:2642 | 08.09.2017 |
| Red Hat OpenShift Container Platform 3.6 | rubygem-cool.io | Fixed | RHBA-2017:2642 | 08.09.2017 |
| Red Hat OpenShift Container Platform 3.6 | rubygem-excon | Fixed | RHBA-2017:2642 | 08.09.2017 |
| Red Hat OpenShift Container Platform 3.6 | rubygem-faraday | Fixed | RHBA-2017:2642 | 08.09.2017 |
| Red Hat OpenShift Container Platform 3.6 | rubygem-fluent-plugin-kubernetes_metadata_filter | Fixed | RHBA-2017:2642 | 08.09.2017 |
| Red Hat OpenShift Container Platform 3.6 | rubygem-fluent-plugin-viaq_data_model | Fixed | RHBA-2017:2642 | 08.09.2017 |
Additional information
Status:
EPSS
3.1 Low
CVSS3
Related vulnerabilities
Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability