Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin
Moderate severity
GitHub Reviewed
Published Jan 13, 2022 to the GitHub Advisory Database • Updated Dec 27, 2023
Package
Affected versions: >= 391.ve4a38c1bcf4b, < 408.vd726a; < 1.34.2
Patched versions: 408.vd726a; 1.34.2
Description
Published by the National Vulnerability Database: Jan 12, 2022
Published to the GitHub Advisory Database: Jan 13, 2022
Reviewed: Jun 20, 2022
Last updated: Dec 27, 2023
Jenkins Mailer Plugin prior to 408.vd726a_1130320 and 1.34.2 does not perform a permission check in a method implementing form validation.
This allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.
Mailer Plugin 408.vd726a_1130320 and 1.34.2 require POST requests and Overall/Administer permission for the affected form validation method.
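The two controls the fix describes, shown on a hardened Jenkins form validation method as an added example; this is not the Mailer Plugin's own code, and the descriptor and method names (SmtpCheckDescriptor, doCheckSmtpHost) are hypothetical:

```java
import hudson.Extension;
import hudson.util.FormValidation;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.net.InetAddress;
import java.net.UnknownHostException;

/**
 * Hypothetical global configuration descriptor. It illustrates the two
 * controls the advisory's fix adds to a form validation method: requiring
 * POST (so Jenkins enforces its CSRF crumb and a cross-site GET cannot
 * trigger it) and checking Overall/Administer before the method does any
 * work, here a DNS lookup performed by the Jenkins controller.
 */
@Extension
public class SmtpCheckDescriptor extends GlobalConfiguration {

    // Shape the advisory describes as vulnerable, kept only for contrast:
    // no @POST and no permission check, so any caller with Overall/Read
    // could make the controller resolve an attacker-chosen hostname.
    //
    // public FormValidation doCheckSmtpHost(@QueryParameter String value) {
    //     try { InetAddress.getByName(value); return FormValidation.ok(); }
    //     catch (UnknownHostException e) { return FormValidation.error("Unknown host"); }
    // }

    // Hardened shape matching the fix described in the advisory.
    @POST
    public FormValidation doCheckSmtpHost(@QueryParameter String value) {
        // Fail closed: callers without Overall/Administer get an
        // AccessDeniedException before any lookup happens.
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);

        if (value == null || value.trim().isEmpty()) {
            return FormValidation.ok(); // nothing entered yet, nothing to resolve
        }
        try {
            InetAddress.getByName(value.trim());
            return FormValidation.ok();
        } catch (UnknownHostException e) {
            return FormValidation.error("Unknown host: " + value);
        }
    }
}
```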
References