Description

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.

Remediation

References

http://www.securityfocus.com/bid/98065

https://jenkins.io/security/advisory/2017-04-26/

Related Vulnerabilities

CVE-2021-41164 Vulnerability in maven package org.webjars.npm:ckeditor4

CVE-2017-2646 Vulnerability in maven package org.keycloak:keycloak-saml-core

CVE-2022-29567 Vulnerability in maven package com.vaadin:vaadin-grid-flow

CVE-2021-4279 Vulnerability in maven package org.webjars.npm:fast-json-patch

CVE-2022-21144 Vulnerability in npm package libxmljs

Severity

Critical

Classification

CWE-287 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory VDB Entry Vendor Advisory