Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.
Weakness
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Credentials | Jenkins | * | 2.1.18 (including) |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-enterprise-service-catalog-1:3.11.117-1.git.1.376e432.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-cluster-autoscaler-0:3.11.117-1.git.1.caa79fa.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-descheduler-0:3.11.117-1.git.1.1635b0a.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-dockerregistry-0:3.11.117-1.git.1.6a42b08.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-metrics-server-0:3.11.117-1.git.1.319d58e.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-node-problem-detector-0:3.11.117-1.git.1.0345fe3.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-service-idler-0:3.11.117-1.git.1.887bb82.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-web-console-0:3.11.117-1.git.1.be7a05c.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | cri-o-0:1.11.14-1.rhaos3.11.gitd56660e.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-openshift-oauth-proxy-0:3.11.117-1.git.1.2b006d2.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-alertmanager-0:3.11.117-1.git.1.207ef35.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-node_exporter-0:3.11.117-1.git.1.dcee33f.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-prometheus-0:3.11.117-1.git.1.f52d417.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-0:2.164.2.1555422716-1.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-2-plugins-0:3.11.1559667994-1.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-ansible-0:3.11.123-1.git.0.db681ba.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-enterprise-autoheal-0:3.11.117-1.git.1.ef32a58.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-enterprise-cluster-capacity-0:3.11.117-1.git.1.6593fce.el7 | * |
| Red Hat OpenShift Container Platform 4.1 | RedHat | jenkins-2-plugins-0:4.1.1561471763-1.el7 | * |
Potential Mitigations
Related Attack Patterns
References
- http://seclists.org/fulldisclosure/2019/May/39
- http://www.openwall.com/lists/oss-security/2019/05/21/1
- http://www.securityfocus.com/bid/108462
- https://access.redhat.com/errata/RHBA-2019:1605
- https://access.redhat.com/errata/RHSA-2019:1636
- https://jenkins.io/security/advisory/2019-05-21/#SECURITY-1322
- https://wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320/
- http://seclists.org/fulldisclosure/2019/May/39
- http://www.openwall.com/lists/oss-security/2019/05/21/1
- http://www.securityfocus.com/bid/108462
- https://access.redhat.com/errata/RHBA-2019:1605
- https://access.redhat.com/errata/RHSA-2019:1636
- https://jenkins.io/security/advisory/2019-05-21/#SECURITY-1322
- https://wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320/