A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that…
mitre · CWE-441 · Published 2018-08-01
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker-specified CIFS server with attacker-specified credentials. Additionally, this form validation method did not require POST requests, resulting in a CSRF vulnerability. As of version 0.11, this form validation method requires POST requests and Overall/Administer permissions.
| CVSS version | Type | Source | Base score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.9 | 6.8 | 4.9 | AV:N/AC:M/Au:S/C:P/I:P/A:N |
| 3.0 | Primary | NVD | 4.2 | 1.6 | 2.5 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
| 3.1 | Secondary | GHSA | 4.2 | — | — | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |