GHSA-x77r-7m5w-pqq2

Source
https://github.com/advisories/GHSA-x77r-7m5w-pqq2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x77r-7m5w-pqq2/GHSA-x77r-7m5w-pqq2.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-x77r-7m5w-pqq2
Aliases
Published
2022-05-24T19:12:36Z
Modified
2024-01-02T05:52:07.380375Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL
Details

An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. Jenkins Azure AD Plugin implements this extension point for URLs used by a JavaScript component.

In Jenkins Azure AD Plugin 179.vf6841393099e and earlier, this implementation is too permissive, allowing attackers to craft URLs that bypass the CSRF protection of any target URL.

This vulnerability was originally introduced in Azure AD Plugin 164.v5b48baa961d2.

Azure AD Plugin 180.v8b1e80e6f242 no longer allows bypassing CSRF protection for URLs used by the JavaScript component. Instead, that component was reconfigured to pass the expected CSRF token.

Database specific
{
    "nvd_published_at": "2021-08-31T14:15:00Z",
    "cwe_ids": [
        "CWE-352",
        "CWE-693"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-15T16:31:38Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:azure-ad

Package

Name
org.jenkins-ci.plugins:azure-ad
Purl
pkg:maven/org.jenkins-ci.plugins/azure-ad

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
180.v8b1e80e6f242

Affected versions

0.*: 0.1.1, 0.1.1-1, 0.2.0, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4
1.*: 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.2.2, 1.2.3
146.*: 146.vb688d1511c38
150.*: 150.vb3db9f880321
152.*: 152.v1609ed460604
153.*: 153.v7af57b288088
154.*: 154.v12e17a5f9ea3
155.*: 155.v745ce80af7ea
157.*: 157.v2d3d5782a602
158.*: 158.v437429002c6b
164.*: 164.v5b48baa961d2
165.*: 165.v36344b7d7ca7
167.*: 167.v34c2c5a3a030
168.*: 168.ve6e7e368dbf6
170.*: 170.v0a6219442a99
171.*: 171.v9ef20c94d336
172.*: 172.vf6a517c3329a
173.*: 173.v0a210fffb510
174.*: 174.vc2d906355813
175.*: 175.v5513346d764a
177.*: 177.v80b6c1591bf9
178.*: 178.v7b93892fbe4c
179.*: 179.vf6841393099e

Database specific

{
    "last_known_affected_version_range": "<= 179.vf6841393099e"
}