Web Attack: Apache Jenkins Security ByPass CVE-2019-1003029

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit various vulnerabilities in Jenkins.

Additional Information

Jenkins is an application monitoring executions of repeated jobs.

Jenkins is prone to the following security vulnerabilities:

1. A security bypass vulnerability that exists in the Script Security plugin. Specifically, this issue occurs during parsing, compilation, and script instantiation. An attacker can exploit this issue by submitting a specially crafted Groovy script to bypass the sandbox mechanism. This may allow an attacker with overall/read permission to execute arbitrary code on the Jenkins master. [CVE-2019-1003029]

2. A security bypass vulnerability that exists in the Groovy plugin. Specifically, this issue occurs during parsing, compilation, and script instantiation. An attacker can exploit this issue by submitting a specially crafted Groovy script to bypass the sandbox mechanism. This may allow an attacker to execute arbitrary code on the Jenkins master. [CVE-2019-1003030]

3. A security bypass vulnerability that exists in the Matrix Project plugin. Specifically, this issue occurs during parsing, compilation, and script instantiation. An attacker can exploit this issue by submitting a specially crafted Groovy script to bypass the sandbox mechanism. This may allow an attacker to execute arbitrary code on the Jenkins master. [CVE-2019-1003031]

4. A security bypass vulnerability that exists in the Email Extension plugin. Specifically, this issue occurs during parsing, compilation, and script instantiation. An attacker can exploit this issue by submitting a specially crafted Groovy script to bypass the sandbox mechanism. This may allow an attacker with overall/read permission to execute arbitrary code on the Jenkins master. [CVE-2019-1003032]

5. A security bypass vulnerability that exists in the Groovy plugin. Specifically, this issue occurs during parsing, compilation, and script instantiation. An attacker can exploit this issue by submitting a specially crafted Groovy script to bypass the sandbox mechanism. This may allow an attacker with overall/read permission to execute arbitrary code on the Jenkins master. [CVE-2019-1003033]

6. A security bypass vulnerability that exists in the Job DSL plugin. Specifically, this issue occurs during parsing, compilation, and script instantiation. An attacker can exploit this issue by submitting a specially crafted Groovy script to bypass the sandbox mechanism. This may allow an attacker to execute arbitrary code on the Jenkins master. [CVE-2019-1003034]

7. An information-disclosure vulnerability due to a missing permission check in a form validation method of the Azure VM Agents plugin. An attacker with Overall/Read access can exploit this issue to verify a submitted configuration, obtaining limited information about the Azure account and configuration. This may lead to a CSRF attack. [CVE-2019-1003035]

8. A security-bypass vulnerability due to a missing permission check in an HTTP endpoint of the Azure VM Agents plugin. An attacker with Overall/Read permission can exploit this issue to attach a public IP address to an Azure VM, making the virtual machine publicly accessible. [CVE-2019-1003036]

9. An unauthorized-access vulnerability in the Azure VM Agents plugin because it fails to properly implement a permission check. Specifically, the plugin provides a list of applicable credential IDs without checking permissions. An attacker with Overall/Read permission can exploit this issue to obtain a list of valid credential IDs. [CVE-2019-1003037]

10. An information-disclosure vulnerability exists in the Repository Connector plugin. Specifically, this issue occurs because the plugin stores the configured username and password unencrypted in its global configuration file on the Jenkins master. An attacker with access to the master file system can exploit this issue to obtain the passwords. [CVE-2019-1003038]

11. An information-disclosure vulnerability exists in the AppDynamics Dashboard plugin. Specifically, this issue occurs because the plugin stores the configured username and password unencrypted in job config.xml files on the Jenkins master. An attacker with access to the master file system can exploit this issue to obtain the passwords. [CVE-2019-1003039]

12. An information-disclosure vulnerability exists in the Rabbit-MQ Publisher plugin. Specifically, this issue occurs because the plugin stores the configured username and password unencrypted in its global configuration file on the Jenkins master. An attacker with access to the master file system can exploit this issue to obtain the passwords.

13. A security-bypass vulnerability due to a missing permission check in a form validation method of the Rabbit-MQ Publisher plugin. An attacker with Overall/Read permission can exploit this issue to initiate a RabbitMQ connection to an attacker-specified host and port with an attacker-specified username and password. This may lead to a CSRF attack.

14. An information-disclosure vulnerability exists in the OSF Builder Suite For Salesforce Commerce Cloud Deploy plugin. Specifically, this issue occurs because the plugin stores the configured HTTP proxy username and password unencrypted in its global configuration file on the Jenkins master. An attacker with access to the master file system can exploit this issue to obtain the passwords.

15. A security-bypass vulnerability in the Bitbar Run-in-Cloud plugin because it fails to perform a permission check in a method that both validates the form and saves the new configuration. An attacker with Overall/Read permission can exploit this issue to connect to an attacker-specified host with attacker-specified credentials. This may lead to a cross-site request forgery attack.

An attacker may leverage these issues to bypass security restrictions, obtain potentially sensitive information, perform certain unauthorized actions and gain access to the affected application.
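Items 7 to 15 describe two recurring plugin defects: form-validation and listing endpoints reachable by any Overall/Read user without a permission check (and without POST enforcement, hence the CSRF exposure), and credentials persisted as plaintext strings. The following is an added example, not code from Jenkins or from any of the listed plugins: a hypothetical global configuration (the class ExamplePublisherConfiguration and its fields are invented) written the way those issues require, using the Jenkins core APIs FormValidation, Secret, @RequirePOST and Jenkins.checkPermission.

```java
import hudson.Extension;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

/** Hypothetical global configuration (not a real plugin) for a remote publishing service. */
@Extension
public class ExamplePublisherConfiguration extends GlobalConfiguration {
    private String host;
    private String username;
    // Secret is persisted as Secret.getEncryptedValue(), so the global configuration
    // file on the master never holds the plaintext password (contrast items 10, 12, 14).
    private Secret password;

    public ExamplePublisherConfiguration() { load(); }

    @DataBoundSetter public void setHost(String host) { this.host = host; save(); }
    @DataBoundSetter public void setUsername(String username) { this.username = username; save(); }
    @DataBoundSetter public void setPassword(Secret password) { this.password = password; save(); }

    /** Validation with a side effect (opens a connection): POST-only plus a permission check. */
    @RequirePOST
    public FormValidation doTestConnection(@QueryParameter String host,
            @QueryParameter String username, @QueryParameter Secret password) {
        // Without this check any Overall/Read user could make Jenkins connect to a host,
        // with credentials, of their choosing (items 13, 15); without @RequirePOST the
        // same request could be issued via a GET link, enabling CSRF.
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        // ... connect to host using username and Secret.toString(password) ...
        return FormValidation.ok("Connection settings accepted");
    }

    /** Credential ID listing (item 9): return nothing to callers who may not administer Jenkins. */
    public ListBoxModel doFillCredentialsIdItems() {
        ListBoxModel result = new ListBoxModel();
        if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
            return result; // empty model, no credential IDs disclosed
        }
        result.add("(matching credential IDs would be added here)");
        return result;
    }
}
```

For job-level descriptors the same pattern uses an `@AncestorInPath Item item` parameter and checks `Item.CONFIGURE` on it instead of the global Administer permission.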

Affected

The following Jenkins plugins are vulnerable:

  • AppDynamics Dashboard Plugin version 1.0.14 and prior are vulnerable.
  • Azure VM Agents Plugin version 0.8.0 and prior are vulnerable.
  • Bitbar Run-in-Cloud Plugin version 2.69.1 and prior are vulnerable.
  • Email Extension Plugin version 2.64 and prior are vulnerable.
  • Groovy Plugin version 2.1 and prior are vulnerable.
  • Job DSL Plugin version 1.71 and prior are vulnerable.
  • Matrix Project Plugin version 1.13 and prior are vulnerable.
  • OSF Builder Suite For Salesforce Commerce Cloud :: Deploy Plugin version 1.0.10 and prior are vulnerable.
  • Pipeline: Groovy Plugin version 2.63 and prior are vulnerable.
  • Rabbit-MQ Publisher Plugin version 1.0 and prior are vulnerable.
  • Repository Connector Plugin version 1.2.4 and prior are vulnerable.
  • Script Security Plugin version 1.53 and prior are vulnerable.