GHSA-v7xh-h48c-xw5f

Suggest an improvement
Source
https://github.com/advisories/GHSA-v7xh-h48c-xw5f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v7xh-h48c-xw5f/GHSA-v7xh-h48c-xw5f.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v7xh-h48c-xw5f
Aliases
Published
2022-05-24T17:45:45Z
Modified
2024-02-16T07:55:52.232089Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
CSRF vulnerability and in Jenkins OWASP Dependency-Track Plugin allow capturing credentials
Details

Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing \"Secret text\" credentials stored in Jenkins. If no credentials ID is specified, the globally configured credential is used, if set up, and can likewise be captured.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Jenkins OWASP Dependency-Track Plugin 3.1.1 requires POST requests and appropriate permissions for the affected HTTP endpoints.

Database specific
{
    "nvd_published_at": "2021-03-30T12:16:00Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-15T17:25:07Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:dependency-track

Package

Name
org.jenkins-ci.plugins:dependency-track
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/dependency-track

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.1

Affected versions

1.*

1.0.0
1.1.0
1.1.1

2.*

2.0.0
2.0.1
2.0.2
2.1.0
2.2.0
2.2.1
2.3.0

3.*

3.0.0
3.0.1
3.0.2
3.1.0

Database specific

{
    "last_known_affected_version_range": "<= 3.1.0"
}