Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04eHdqLTJ3Z2gtZ3ByaM4AAttK
Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Git Plugin 4.11.3 and earlier, this endpoint can be accessed with GET requests and without authentication.
This webhook endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.
Git Plugin 4.11.4 requires a token parameter which will act as an authentication for the webhook endpoint. While GET requests remain allowed, attackers would need to be able to provide a webhook token. For more information see the plugin documentation.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04eHdqLTJ3Z2gtZ3ByaM4AAttK
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 4 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Identifiers: GHSA-8xwj-2wgh-gprh, CVE-2022-36882
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-36882
- https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284
- http://www.openwall.com/lists/oss-security/2022/07/27/1
- https://github.com/jenkinsci/git-plugin/commit/b46165c74a0bf15e08763de2e506005624d5d238
- https://github.com/advisories/GHSA-8xwj-2wgh-gprh
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:git
Affected Version Ranges: <= 4.11.3Fixed in: 4.11.4