
CVE-2018-1000419: Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs

CVSS Score: 6.5 (CVSS v3.0)

Basic Information

EPSS Score: 0.49182%
CWE: -
Published: 5/13/2022
Updated: 2/2/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name                        Ecosystem   Vulnerable Versions   First Patched Version
org.jvnet.hudson.plugins:hipchat    maven       < 2.2.1               2.2.1

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability centers on unauthorized credential ID enumeration in HipChatNotifier. Jenkins plugins typically implement credential selection through doFill[...]Items methods that populate dropdown lists in configuration forms. The advisory specifically names HipChatNotifier.java as the vulnerable component, and the permission checks (Jenkins.ADMINISTER) added in the patched version indicate that these methods previously had no authorization controls, so any user with Overall/Read access could call them and list the IDs of credentials stored in Jenkins. The DescriptorImpl inner class would contain the configuration endpoints affected by this authorization bypass.
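As an added illustration of the pattern described above (not the HipChat plugin's own code; class, method and field names are assumptions), the same doFill[...]Items endpoint once without and once with an authorization check:

```java
// Added example, not taken from the HipChat plugin. Names such as
// ExampleNotifierDescriptor and credentialId are illustrative assumptions.
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Publisher;
import hudson.util.ListBoxModel;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;

public class ExampleNotifierDescriptor extends BuildStepDescriptor<Publisher> {

    // BEFORE: nothing here checks who is asking, so any authenticated user with
    // Overall/Read can invoke the form-filling endpoint and receive every
    // credential ID that SYSTEM can see. This is the missing-control pattern
    // the root cause analysis describes.
    public ListBoxModel doFillCredentialIdItemsVulnerable(@AncestorInPath Item item) {
        return new StandardListBoxModel()
                .includeEmptyValue()
                .includeAs(ACL.SYSTEM, item, StringCredentials.class);
    }

    // AFTER: require the permission that saving this configuration would need
    // before enumerating anything. Jenkins.ADMINISTER matches the check the
    // advisory describes for the global configuration; a job-level form checks
    // Item.CONFIGURE on the ancestor item instead.
    public ListBoxModel doFillCredentialIdItems(@AncestorInPath Item item,
                                                @QueryParameter String credentialId) {
        StandardListBoxModel result = new StandardListBoxModel();
        boolean allowed = item == null
                ? Jenkins.get().hasPermission(Jenkins.ADMINISTER)
                : item.hasPermission(Item.CONFIGURE);
        if (!allowed) {
            // Keep the form renderable by echoing only the already-saved value;
            // no other credential IDs are disclosed to an unauthorized caller.
            return result.includeCurrentValue(credentialId);
        }
        return result.includeEmptyValue()
                .includeAs(ACL.SYSTEM, item, StringCredentials.class)
                .includeCurrentValue(credentialId);
    }

    @Override
    public boolean isApplicable(Class<? extends AbstractProject> jobType) {
        return true;
    }
}
```

A quick regression check for such a fix is to call the endpoint as a user holding only Overall/Read and confirm the returned list contains nothing beyond the currently saved value.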
