
CVE-2020-2116: CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials

CVSS Score: 7.1 (CVSS 3.1)

Basic Information

EPSS Score: 0.23054%
Published: 5/24/2022
Updated: 10/26/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Package Name: org.jenkins-ci.plugins:pipeline-githubnotify-step
Ecosystem: maven
Vulnerable Versions: < 1.0.5
First Patched Version: 1.0.5

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The advisory describes two flaws: 1) missing permission checks on form validation methods, and 2) a CSRF vulnerability because those methods do not require POST. In the Jenkins plugin architecture, form validation is handled by 'doCheck*' (and similar 'do*') methods in DescriptorImpl classes, so the credential ID handling and URL validation would reside in these methods. A validation endpoint that is reachable over GET (and therefore not protected by the Jenkins CSRF crumb) and that performs no permission check matches the described attack vector: the parameters can be set to an attacker-chosen URL and credential ID, causing Jenkins to send the resolved credentials to that URL.
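To make the two flaws concrete, here is an added illustration (not the plugin's own code) of a Jenkins DescriptorImpl form-validation method in the weak shape the analysis describes, followed by the hardened shape. The method name, the parameter names and the connection-test helper are assumptions chosen for the example.

```java
// Added example, not taken from pipeline-githubnotify-step. Shows a form
// validation method as it would sit in a step's DescriptorImpl, first in the
// weak shape (no @POST, no permission check) and then hardened.
import hudson.model.Item;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

public class NotifyStepDescriptorExample {

    // WEAK: Stapler serves this on GET, so a page visited by a logged-in user
    // can trigger it without a CSRF crumb, and nothing checks who is asking.
    // The server then resolves whatever credentialsId it is given and uses
    // it against whatever apiUrl it is given.
    public FormValidation doTestConnectionWeak(
            @QueryParameter String apiUrl,
            @QueryParameter String credentialsId) {
        return connectWith(apiUrl, credentialsId);
    }

    // HARDENED: @POST makes Stapler reject GET, so the request must be a POST
    // and therefore must carry a valid Jenkins crumb (CSRF protection). The
    // permission check ties the call to a user allowed to configure the item
    // being edited, or to an administrator when no item is in scope.
    @POST
    public FormValidation doTestConnection(
            @AncestorInPath Item item,
            @QueryParameter String apiUrl,
            @QueryParameter String credentialsId) {
        if (item == null) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        } else {
            item.checkPermission(Item.CONFIGURE);
        }
        return connectWith(apiUrl, credentialsId);
    }

    // Placeholder for the real connection test (assumed); the point of the
    // example is the guards in front of it, not the call itself.
    private FormValidation connectWith(String apiUrl, String credentialsId) {
        return FormValidation.ok();
    }
}
```

The fix for this class of issue is both annotations together: requiring POST alone does not stop an authorised user with a crumb from testing credentials they should not use, and a permission check alone does not stop a cross-site request riding on a victim's session.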


WAF Protection Rules

WAF Rule

A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing cr
