Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:MISC:JENKINS-CI-CSRF |
|---|---|
Severity |
Major |
Recommended |
No |
Category |
HTTP |
Keywords |
Jenkins CI Server Multiple Cross-Site Request Forgery |
Release Date |
2017/05/14 |
Update Number |
2893 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Jenkins CI Server Multiple Cross-Site Request Forgery
This signature detects attempts to exploit known vulnerabilities in the Jenkins CI. Successful exploitation of these vulnerabilities could lead to a variety of effects including denial-of-service, configuration changes, and, in the worst case, arbitrary command execution with the privileges of Jenkins.
Extended Description
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.
Affected Products
- Jenkins jenkins 2.46.1
- Jenkins jenkins 2.56
References
- BugTraq: 98062
- CVE: CVE-2017-1000356