CVE Vulnerabilities

CVE-2019-1003012

Cross-Site Request Forgery (CSRF)

Published: Feb 06, 2019 | Modified: Oct 25, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
7.3 MODERATE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Ubuntu

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.

Weakness

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Affected Software

Name Vendor Start Version End Version
Blue_ocean Jenkins * 1.10.1 (including)
Red Hat OpenShift Container Platform 3.11 RedHat atomic-enterprise-service-catalog-1:3.11.82-1.git.1673.133961e.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-0:3.11.82-1.git.0.08bc31b.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-cluster-autoscaler-0:3.11.82-1.git.0.efb6af0.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-descheduler-0:3.11.82-1.git.300.89765c9.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-dockerregistry-0:3.11.82-1.git.452.0ce6383.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-metrics-server-0:3.11.82-1.git.52.2fdca3f.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-node-problem-detector-0:3.11.82-1.git.254.a448936.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-service-idler-0:3.11.82-1.git.14.e353758.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-web-console-0:3.11.82-1.git.355.5e8b1d9.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-openshift-oauth-proxy-0:3.11.82-1.git.425.7cac034.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-prometheus-alertmanager-0:3.11.82-1.git.0.3bf41ce.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-prometheus-node_exporter-0:3.11.82-1.git.1063.48444e8.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-prometheus-prometheus-0:3.11.82-1.git.5027.9d24833.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat haproxy-0:1.8.17-3.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat jenkins-0:2.150.2.1549032159-1.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat jenkins-2-plugins-0:3.11.1549642489-1.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat openshift-ansible-0:3.11.82-3.git.0.9718d0a.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat openshift-enterprise-autoheal-0:3.11.82-1.git.219.0b5aff4.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat openshift-enterprise-cluster-capacity-0:3.11.82-1.git.380.cf11c51.el7 *

Potential Mitigations

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, use anti-CSRF packages such as the OWASP CSRFGuard. [REF-330]
  • Another example is the ESAPI Session Management control, which includes a component for CSRF. [REF-45]
  • Use the “double-submitted cookie” method as described by Felten and Zeller:
  • When a user visits a site, the site should generate a pseudorandom value and set it as a cookie on the user’s machine. The site should require every form submission to include this value as a form value and also as a cookie value. When a POST request is sent to the site, the request should only be considered valid if the form value and the cookie value are the same.
  • Because of the same-origin policy, an attacker cannot read or modify the value stored in the cookie. To successfully submit a form on behalf of the user, the attacker would have to correctly guess the pseudorandom value. If the pseudorandom value is cryptographically strong, this will be prohibitively difficult.
  • This technique requires Javascript, so it may not work for browsers that have Javascript disabled. [REF-331]

References