Main Vulnerability Database SB2019102405

SB2019102405 - Server-Side Request Forgery (SSRF) in Dynatrace Application Monitoring plugin for Jenkins

Published: October 24, 2019

Security Bulletin ID SB2019102405

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2019-10463)

The disclosed vulnerability allows a remote user to perform SSRF attacks.

The vulnerability exists due to the affected plugin does not perform permission checks on a method implementing form validation. A remote authenticated user with Overall/Read permission can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1483%20(2)