Description

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

Remediation

References

https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135

http://www.openwall.com/lists/oss-security/2023/06/14/5

Related Vulnerabilities

CVE-2016-0732 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server

CVE-2022-43411 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-plugin

CVE-2022-38723 Vulnerability in maven package io.gravitee.apim.rest.api:gravitee-apim-rest-api-service

CVE-2023-38695 Vulnerability in npm package @simonsmith/cypress-image-snapshot

CVE-2022-31160 Vulnerability in maven package org.webjars:jquery-ui

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Mailing List Third Party Advisory