8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000418

GHSA ID

GHSA-w3f7-2qfw-348x

EPSS Score

0.44134%

CWE

CWE-863

Published

5/13/2022

Updated

2/2/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-1000418

CVE-2018-1000418:
Jenkins HipChat Plugin allows credential capture due to incorrect authorization

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. As of version 2.2.1, this form validation method requires POST requests and Overall/Administer permissions.

(GitHub Advisory)

8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000418

GHSA ID

GHSA-w3f7-2qfw-348x

EPSS Score

0.44134%

CWE

CWE-863

Published

5/13/2022

Updated

2/2/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jvnet.hudson.plugins:hipchat	maven	< 2.2.1	2.2.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability centers on a form validation method in HipChatNotifier.java that improperly handled authorization. Jenkins plugins typically implement such validation via descriptor methods like doTestConnection in *$DescriptorImpl classes. The advisory explicitly states this method was vulnerable due to missing permission checks and CSRF protections (GET instead of POST). The function name follows Jenkins plugin conventions, and the described exploit mechanism aligns with triggering this test method with malicious parameters.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n improp*r *ut*oriz*tion vuln*r**ility *xists in J*nkins *ip***t Plu*in *.*.* *n* **rli*r in *ip***tNoti*i*r.j*v* t**t *llows *tt**k*rs wit* Ov*r*ll/R*** ****ss to s*n* t*st noti*i**tions to *n *tt**k*r-sp**i*i** *ip***t s*rv*r wit* *tt**k*r-sp**i*i

Reasoning

T** vuln*r**ility **nt*rs on * *orm `v*li**tion` m*t*o* in `*ip***tNoti*i*r.j*v*` t**t improp*rly **n*l** *ut*oriz*tion. `J*nkins` plu*ins typi**lly impl*m*nt su** `v*li**tion` vi* **s*riptor m*t*o*s lik* `*oT*st*onn**tion` in *$**s*riptorImpl *l*ss*

8.8

Basic Information

Concerned about an active attack path?

CVE-2018-1000418: Jenkins HipChat Plugin allows credential capture due to incorrect authorization

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2018-1000418:
Jenkins HipChat Plugin allows credential capture due to incorrect authorization

Vulnerability Intelligence
Miggo AI