
CVE-2019-1003008: Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability

CVSS Score: 8.8 (CVSS 3.0)

Basic Information

EPSS Score: 0.21044%
Published: 5/13/2022
Updated: 10/25/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name                    Ecosystem  Vulnerable Versions  First Patched Version
io.jenkins.plugins:warnings-ng  maven      <= 2.1.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability description explicitly mentions a form validation HTTP endpoint in GroovyParser.java that validated Groovy scripts. Jenkins form validation endpoints typically use methods with the 'doCheck' prefix. The combination of 1) the lack of a POST requirement (the CSRF vector) and 2) the missing sandbox protection for Groovy compilation points directly to the script validation handler. The file path is confirmed by the NVD vulnerability detail's reference to GroovyParser.java.


WAF Protection Rules

WAF Rule

Jenkins Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not req
