
CVE-2019-1003081: CSRF vulnerability in Jenkins OpenShift Deployer Plugin

CVSS Score: 6.5 (CVSS v3.1)

Basic Information

EPSS Score: 0.25378%
Published: 5/13/2022
Updated: 1/30/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Package Name: org.jenkins-ci.plugins:openshift-deployer
Ecosystem: maven
Vulnerable Versions: <= 1.2.0
First Patched Version: (not listed)

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability description explicitly identifies DeployApplication.DeployApplicationDescriptor#doCheckLogin as the method with a missing permission check. Jenkins plugin security patterns indicate form validation methods (doCheck* prefixes) require explicit permission checks, which are missing here. The CWE-862 classification and advisory details confirm this is an authorization bypass at the function level.
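As an added illustration of the doCheck* pattern the analysis describes (this is not the plugin's own code and not its actual fix), a hypothetical descriptor shows the unchecked form-validation method beside a version that requires POST and performs an explicit permission check before doing anything on the caller's behalf. The apiURL/authToken parameters, the probeServer helper and the choice of Jenkins.ADMINISTER are assumptions:

```java
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

// Hypothetical build step; only the descriptor's doCheck* methods matter here.
public class DeployApplication extends Builder {

    @Extension
    public static class DeployApplicationDescriptor extends BuildStepDescriptor<Builder> {

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        // BEFORE (the CWE-862 pattern): Stapler exposes this as a GET-able URL under the
        // descriptor, any user holding Overall/Read can reach it, and it opens a connection
        // to whatever server the caller named in apiURL. Nothing checks who is asking.
        public FormValidation doCheckLoginUnchecked(@QueryParameter String apiURL,
                                                    @QueryParameter String authToken) {
            return probeServer(apiURL, authToken);
        }

        // AFTER: require POST (so a plain GET link cannot trigger it) and check a
        // permission explicitly before any outbound connection. ADMINISTER is this
        // example's choice; a job-scoped check such as Item.CONFIGURE is another common fix.
        @POST
        public FormValidation doCheckLogin(@QueryParameter String apiURL,
                                           @QueryParameter String authToken) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER); // throws AccessDeniedException
            return probeServer(apiURL, authToken);
        }

        // Stand-in for the plugin's real login check (assumption): a real one would
        // contact apiURL; this one only validates that the inputs are present.
        private FormValidation probeServer(String apiURL, String authToken) {
            if (apiURL == null || apiURL.isEmpty()) return FormValidation.error("API URL is required");
            if (authToken == null || authToken.isEmpty()) return FormValidation.warning("No token supplied");
            return FormValidation.ok();
        }
    }
}
```

The defensive signal to look for in a review is the same one the analysis names: a doCheck* (or doFill*, doTest*) method that reaches the network or the filesystem without a checkPermission call on the path to it.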


WAF Protection Rules

WAF Rule

A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified s
