8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000603

GHSA ID

GHSA-grf8-94q5-4phx

EPSS Score

0.30823%

CWE

CWE-200

Published

5/13/2022

Updated

12/15/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-1000603

CVE-2018-1000603: CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials

A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs.

(GitHub Advisory)

8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000603

GHSA ID

GHSA-grf8-94q5-4phx

EPSS Score

0.30823%

CWE

CWE-200

Published

5/13/2022

Updated

12/15/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:openstack-cloud	maven	<= 2.35	2.37

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from two key issues: 1) Missing CSRF protection (@RequirePOST) on form validation endpoints, and 2) Insufficient permission checks (Item.CONFIGURE/Jenkins.ADMINISTER). The commit diff shows these functions were patched by adding @RequirePOST annotations and explicit permission checks. Functions like doTestConnection and getCredential handled sensitive operations without proper authorization, allowing attackers to exfiltrate credentials. The JCloudsCloud.provision endpoint's missing CSRF protection enabled unauthorized provisioning requests. These changes directly correlate to the CVE description of unauthorized credential access and CSRF vulnerabilities.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *xposur* o* s*nsitiv* in*orm*tion vuln*r**ility *xists in J*nkins Op*nst**k *lou* Plu*in *.** *n* **rli*r in *ootSour**.j*v*, Inst*n**sToRun.j*v*, J*lou*s*l**nupT*r***.j*v*, J*lou*s*lou*.j*v*, J*lou*s*omput*r.j*v*, J*lou*sPr**r**tionT*r***.j*v*, J*

Reasoning

T** vuln*r**ility st*mm** *rom two k*y issu*s: *) Missin* *SR* prot**tion (@R*quir*POST) on *orm v*li**tion *n*points, *n* *) Insu**i*i*nt p*rmission ****ks (`It*m.*ON*I*UR*`/`J*nkins.**MINIST*R`). T** *ommit *i** s*ows t**s* *un*tions w*r* p*t**** *

8.8

Basic Information

Concerned about an active attack path?

CVE-2018-1000603: CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI