
CVE-2018-1000184: Jenkins GitHub Plugin server-side request forgery vulnerability exists

CVSS Score: 5.4 (CVSS v3.0)

Basic Information

EPSS Score: 0.06877%
Published: 5/14/2022
Updated: 1/9/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Package Name: com.coravy.hudson.plugins.github:github
Ecosystem: maven
Vulnerable Versions: <= 1.29.0
First Patched Version: 1.29.1

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from the doCheckHookUrl method in GitHubPluginConfig.java, the Stapler form-validation method that checks the configured hook URL. Before the patch it:

  1. Performed no permission check, so any user with Overall/Read could invoke it.
  2. Was reachable via GET, so a crafted link or image tag could trigger it cross-site (CSRF), and the server-side fetch it performs became an SSRF primitive.
  3. Connected directly to the user-supplied URL via new URL(value).openConnection(), making the Jenkins master issue a request to whatever host the caller named.

Commit 9a20b7d fixed this by adding a Jenkins.ADMINISTER permission check, the @RequirePOST annotation, and @Restricted annotations. The accompanying test GitHubPluginConfigTest_SEC799.java confirms the SSRF vector through this endpoint.
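The following is an added illustration written for this page, not the GitHub plugin's own source. It places the pre-patch shape of a Stapler form-validation method next to the hardened shape the root cause analysis describes (a Jenkins.ADMINISTER check, @RequirePOST and @Restricted). The class name HookUrlValidationExample, the method name doCheckHookUrlVulnerable and the response-code handling are assumptions made for the example; Jenkins.get() assumes a Jenkins core of 2.98 or later.

```java
// Added illustration for CVE-2018-1000184, not code from the GitHub plugin.
// Class and method names are assumptions chosen for this example.
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;

public class HookUrlValidationExample {

    // BEFORE (vulnerable pattern). Stapler exposes any public doXxx method on a
    // descriptor as an HTTP endpoint. With no permission check and no method
    // restriction, anyone with Overall/Read can hit it with a plain GET, and the
    // Jenkins master opens a connection to whatever URL the caller supplies.
    public FormValidation doCheckHookUrlVulnerable(@QueryParameter String value) {
        try {
            HttpURLConnection con = (HttpURLConnection) new URL(value).openConnection();
            con.setRequestMethod("GET");
            int code = con.getResponseCode();   // the server-side request leaves here
            return code == 200 ? FormValidation.ok() : FormValidation.error("HTTP " + code);
        } catch (IOException e) {
            return FormValidation.error(e.getMessage());
        }
    }

    // AFTER (hardened pattern, mirroring the fix described above):
    //  - @RequirePOST: Stapler rejects GET, so a link or <img> cannot trigger the
    //    call and the request must carry a valid crumb (Jenkins' CSRF token).
    //  - checkPermission(Jenkins.ADMINISTER): only administrators, who can already
    //    configure the plugin, may make Jenkins contact an arbitrary host.
    //  - @Restricted(NoExternalUse.class): marks the method as not part of the
    //    plugin's API, so other plugins are not expected to call it.
    @RequirePOST
    @Restricted(NoExternalUse.class)
    public FormValidation doCheckHookUrl(@QueryParameter String value) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);  // throws AccessDeniedException -> 403
        if (value == null || value.trim().isEmpty()) {
            return FormValidation.error("Hook URL is required");
        }
        try {
            HttpURLConnection con = (HttpURLConnection) new URL(value).openConnection();
            con.setRequestMethod("GET");
            con.setConnectTimeout(5000);   // bound how long an admin-triggered probe can hang the thread
            con.setReadTimeout(5000);
            int code = con.getResponseCode();
            return code == 200 ? FormValidation.ok() : FormValidation.error("HTTP " + code);
        } catch (IOException e) {
            return FormValidation.error(e.getMessage());
        }
    }
}
```

To confirm a deployed instance carries the fix, an Overall/Read user issuing a GET to the validation endpoint should now receive 405 Method Not Allowed from Stapler's @RequirePOST handling, and a POST without Overall/Administer should be refused with 403; the request to the supplied URL should never be observed on the target host in either case.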

Vulnerable functions

Only Miggo users can see this section.

WAF Protection Rules

WAF Rule

A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

Reasoning

The rule targets the doCheckHookUrl method in GitHubPluginConfig.java, the hook URL validation endpoint described in the root cause analysis above. Pre-patch it lacked a permission check (any user with Overall/Read could reach it), accepted GET requests (exposing it to CSRF and SSRF), and connected directly to the user-supplied URL.