CVE-2018-1000184: Jenkins GitHub Plugin server-side request forgery vulnerability exists
CVSS Score: 5.4 (CVSS 3.0)
Basic Information
CVE ID: CVE-2018-1000184
GHSA ID:
EPSS Score: 0.06877%
CWE:
Published: 5/14/2022
Updated: 1/9/2024
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
com.coravy.hudson.plugins.github:github | maven | <= 1.29.0 | 1.29.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from the doCheckHookUrl method in GitHubPluginConfig.java, the form-validation endpoint that checks a webhook URL. Before the patch, it:
- Performed no permission check, so any user with Overall/Read could invoke it
- Accepted GET requests, so it could be triggered cross-site (CSRF) and abused as an SSRF primitive
- Connected directly to the user-supplied URL via new URL(value).openConnection()

The commit 9a20b7d fixed these issues by adding a Jenkins.ADMINISTER permission check, the @RequirePOST annotation, and @Restricted annotations. The accompanying test GitHubPluginConfigTest_SEC799.java confirms the SSRF vector via this endpoint.
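The following is an added illustration, not the GitHub Plugin's own source: a Stapler form-validation method written in the pre-patch shape described above, beside a hardened version that applies the three fixes the RCA names (administrator permission check, @RequirePOST, @Restricted). The class and method names are assumptions chosen for the example; the Jenkins and Stapler APIs used are the standard ones.

```java
// Added example (constructed, not the plugin's code): vulnerable vs. hardened
// form-validation endpoint for a webhook URL in a Jenkins plugin.
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.net.HttpURLConnection;
import java.net.URL;

public class HookUrlCheckExample {

    // BEFORE (vulnerable pattern): Stapler exposes any public doXxx method as an
    // HTTP endpoint. With no permission check and no @RequirePOST, a plain GET
    // from any Overall/Read user (or a cross-site request) makes the controller
    // open a connection to whatever URL the caller supplies.
    public FormValidation doCheckHookUrlVulnerable(@QueryParameter String value) {
        try {
            HttpURLConnection con = (HttpURLConnection) new URL(value).openConnection();
            con.setRequestMethod("HEAD");
            con.connect();
            return FormValidation.ok();
        } catch (Exception e) {
            return FormValidation.error(e, "Unable to connect: " + value);
        }
    }

    // AFTER (hardened): only administrators may trigger the outbound connection,
    // only via POST (so a cross-site GET cannot fire it), and the method is
    // marked as not part of the plugin's external API.
    @RequirePOST
    @Restricted(NoExternalUse.class)
    public FormValidation doCheckHookUrl(@QueryParameter String value) {
        // Throws AccessDeniedException for non-admin callers before any network I/O.
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        try {
            HttpURLConnection con = (HttpURLConnection) new URL(value).openConnection();
            con.setRequestMethod("HEAD");
            con.connect();
            return FormValidation.ok();
        } catch (Exception e) {
            return FormValidation.error(e, "Unable to connect: " + value);
        }
    }
}
```

The same authorization-before-I/O ordering applies to any doCheck or doTest endpoint that reaches out to a caller-controlled address, which is why the SEC-799 test exercises the endpoint rather than the URL parser.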