4.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-35148

GHSA ID

GHSA-r72x-2h45-p59x

EPSS Score

0.28868%

CWE

CWE-352

Published

6/14/2023

Updated

11/7/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-35148

CVE-2023-35148: Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery

Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

(GitHub Advisory)

4.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-35148

GHSA ID

GHSA-r72x-2h45-p59x

EPSS Score

0.28868%

CWE

CWE-352

Published

6/14/2023

Updated

11/7/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:ease-plugin	maven	<= 2.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability describes HTTP endpoints that 1) lack permission checks and 2) accept non-POST requests. In Jenkins plugins, form validation and connection test endpoints (doCheck*/doTest* methods in DescriptorImpl classes) are common vulnerable patterns. These methods would handle credentials/URL parameters without @RequirePermission annotations and support GET requests, enabling both privilege escalation and CSRF. The 'attacker-specified credentials IDs' and URL parameters mentioned in advisories align with typical DescriptorImpl validation method parameters.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins *i*it*l.*i *pp M*n***m*nt Pu*lis**r Plu*in *.* *n* **rli*r *o*s not p*r*orm p*rmission ****ks in s*v*r*l *TTP *n*points. T*is *llows *tt**k*rs wit* Ov*r*ll/R*** p*rmission to *onn**t to *n *tt**k*r-sp**i*i** URL usin* *tt**k*r-sp**i*i** *r**

Reasoning

T** vuln*r**ility **s*ri**s *TTP *n*points t**t *) l**k p*rmission ****ks *n* *) ****pt non-POST r*qu*sts. In J*nkins plu*ins, *orm v*li**tion *n* *onn**tion t*st *n*points (*o****k*/*oT*st* m*t*o*s in **s*riptorImpl *l*ss*s) *r* *ommon vuln*r**l* p*

4.2

Basic Information

Concerned about an active attack path?

CVE-2023-35148: Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery

4.2

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI