CVE-2018-1000411:
Jenkins JUnit Plugin CSRF vulnerability

CVSS Score: 6.5

Basic Information

EPSS Score: -
Published: 5/14/2022
Updated: 1/9/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected package
Package Name: org.jenkins-ci.plugins:junit
Ecosystem: maven
Vulnerable Versions: <= 1.25
First Patched Version: 1.26

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from a missing CSRF protection mechanism in the test description submission endpoint. The advisory explicitly states the lack of POST request enforcement in TestObject.java. The patched commit adds the @RequirePOST annotation to doSubmitDescription, confirming this was the vulnerable entry point. The method's role in modifying test results aligns with the described attack vector.
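An added example, not the plugin's own source: an illustrative Stapler web method in the shape of doSubmitDescription, shown first in the vulnerable form (no HTTP method restriction) and then with the @RequirePOST annotation the patched commit applied. The class name, the abstract getRun/setDescription helpers and the Run.UPDATE permission check are assumptions made for illustration.

```java
// Illustrative reconstruction (not the JUnit plugin's actual code) of a Stapler
// web method like TestObject.doSubmitDescription, before and after the fix.
import java.io.IOException;
import javax.servlet.ServletException;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;
import hudson.model.Run;

public abstract class TestObjectExample {

    // Assumed helpers: the build this test result belongs to, and the setter
    // that persists the description.
    protected abstract Run<?, ?> getRun();
    protected abstract void setDescription(String description) throws IOException;

    // BEFORE (vulnerable pattern): Stapler routes any HTTP method, including a
    // plain GET with the description in the query string, to this method.
    // Jenkins' CSRF crumb filter only checks POST requests, so a state change
    // reachable by GET can be triggered from a page the user did not intend to act on.
    public synchronized HttpResponse doSubmitDescriptionVulnerable(
            @QueryParameter String description) throws IOException, ServletException {
        getRun().checkPermission(Run.UPDATE);
        setDescription(description);
        return new HttpRedirect(".");
    }

    // AFTER (fixed pattern, as in the patched commit): @RequirePOST makes Stapler
    // reject every non-POST request before the method body runs, and a POST must
    // carry the crumb that Jenkins' CSRF protection issues to its own forms.
    @RequirePOST
    public synchronized HttpResponse doSubmitDescription(
            @QueryParameter String description) throws IOException, ServletException {
        getRun().checkPermission(Run.UPDATE);
        setDescription(description);
        return new HttpRedirect(".");
    }
}
```

When reviewing a Jenkins plugin for this class of bug, look for every `do*` web method that changes state and confirm it carries @RequirePOST (or an equivalent method check); the permission check alone does not stop a cross-site request made by an already logged-in user.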


WAF Protection Rules

WAF Rule

A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.
