CVE-2018-1000153 – org.jenkins-ci.plugins:vsphere-cloud

Package

Manager: maven
Name: org.jenkins-ci.plugins:vsphere-cloud
Vulnerable Version: >=0 <2.17

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00062 pctl0.19491

Details

Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection"). Additionally, these form validation methods did not require POST requests, resulting in a CSRF vulnerability. As of version 2.17, these form validation methods require POST requests and appropriate user permissions.

Metadata

Created: 2022-05-14T03:23:41Z
Modified: 2022-12-12T21:05:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2g32-2j8w-2qgf/GHSA-2g32-2j8w-2qgf.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-2g32-2j8w-2qgf
Finding: F007
Auto approve: 1