Multiple vulnerabilities in Jenkins Support Core Plugin



Published: 2019-11-22
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2019-16539
CVE-2019-16540
CWE-ID CWE-264
CWE-22
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Support Core
Web applications / Modules and components for CMS

Vendor Jenkins

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU22917

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16539

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the affected plugin does not perform a permission check. A remote authenticated attacker with Overall/Read permission can delete support bundles and any arbitrary other file, with a known name/path.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Support Core: 1.0 - 2.63


CPE2.3 External links

http://jenkins.io/security/advisory/2019-11-21/#SECURITY-1634

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU22918

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16540

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to the affected plugin does not validate the paths submitted for the "Delete Support Bundles" feature. A remote authenticated attacker can send a specially crafted HTTP request and delete arbitrary files on the Jenkins master file system accessible to the OS user account running Jenkins.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Support Core: 1.0 - 2.63


CPE2.3 External links

http://jenkins.io/security/advisory/2019-11-21/#SECURITY-1634

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###