
CVE-2019-10310: Jenkins Ansible Tower Plugin cross-site request forgery vulnerability

CVSS Score: 4.2 (CVSS 3.0)

Basic Information

EPSS Score: 0.363%
Published: 5/24/2022
Updated: 10/26/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Package Name: org.jenkins-ci.plugins:ansible-tower
Ecosystem: maven
Vulnerable Versions: <= 0.9.1
First Patched Version: 0.9.2

Vulnerability Intelligence
Root Cause Analysis

The vulnerability centers on two methods in TowerInstallationDescriptor:

  1. doTestTowerConnection - directly handles connection validation without proper authorization checks or CSRF protection, as shown in exploit examples.
  2. doFillTowerCredentialsIdItems - enables the credential ID enumeration that is a prerequisite for exploitation.

Both are explicitly named in vulnerability reports and required security fixes (POST enforcement plus permission elevation). The Java package structure follows Jenkins plugin conventions, with descriptor methods being the entry points for web requests.
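The fix pattern the analysis summarises (reject GET, require Overall/Administer before connecting, and do not enumerate credential IDs to low-privilege callers), shown as an added Java illustration that is not the Ansible Tower Plugin's actual source. The class, method and parameter names here are assumed, and the connection test itself is a stand-in that only validates the URL.

```java
import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

// Hypothetical Describable standing in for a Tower installation entry (assumed name).
public class ExampleTowerInstallation extends AbstractDescribableImpl<ExampleTowerInstallation> {

    @Extension
    public static class DescriptorImpl extends Descriptor<ExampleTowerInstallation> {
        // VULNERABLE pattern: no permission check and reachable via GET, so any Overall/Read
        // user (or a CSRF link they follow) makes Jenkins connect to a caller-chosen URL
        // with a caller-chosen credentials ID.
        public FormValidation doTestTowerConnectionUnsafe(
                @QueryParameter String towerUrl, @QueryParameter String towerCredentialsId) {
            return tryConnect(towerUrl, towerCredentialsId);
        }
        // HARDENED pattern ("POST enforcement + permission elevation"): @RequirePOST rejects
        // GET so the CSRF crumb check applies, and checkPermission throws for anyone below
        // Overall/Administer before any outbound request is made with stored credentials.
        @RequirePOST
        public FormValidation doTestTowerConnection(
                @QueryParameter String towerUrl, @QueryParameter String towerCredentialsId) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            return tryConnect(towerUrl, towerCredentialsId);
        }
        // Hardened credentials drop-down: callers without Overall/Administer get an empty
        // list instead of an enumeration of stored credential IDs.
        public ListBoxModel doFillTowerCredentialsIdItems() {
            ListBoxModel items = new ListBoxModel();
            if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                return items;
            }
            items.add("- none -", ""); // real code would add entries from CredentialsProvider
            return items;
        }
        // Stand-in for the real connection test; only checks the URL shape.
        private FormValidation tryConnect(String url, String credentialsId) {
            if (url == null || !url.matches("https?://\\S+")) {
                return FormValidation.error("Tower URL must be an http(s) URL");
            }
            return FormValidation.ok("Would test " + url + " with credentials " + credentialsId);
        }
    }
}
```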


WAF Protection Rules

WAF Rule

Jenkins Ansible Tower Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained
