CVE-2026-42519
Missing Permission Check in Jenkins Script Security Plugin
Publication date: 2026-04-29
Last updated on: 2026-05-06
Assigner: Jenkins Project
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jenkins | script_security | up to and including 1399.ve6a_66547f6e1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing permission check in the Jenkins Script Security Plugin versions 1399.ve6a_66547f6e1 and earlier. It allows attackers who have Overall/Read permission to enumerate pending and approved Script Security classpaths through an HTTP endpoint.
How can this vulnerability impact me?
An attacker with Overall/Read permission can exploit this vulnerability to gain information about pending and approved Script Security classpaths. This could potentially aid in further attacks or unauthorized access by revealing internal details about the Jenkins environment.
Can you explain this vulnerability to me?
This vulnerability is a missing permission check in the Jenkins Script Security Plugin version 1399.ve6a_66547f6e1 and earlier. It allows attackers who have Overall/Read permission to enumerate pending and approved Script Security classpaths.
How can this vulnerability impact me?
The vulnerability allows users with limited permissions (Overall/Read) to access information about pending and approved Script Security classpaths, which they normally should not be able to see. This could potentially expose sensitive internal details about scripts and their security status within Jenkins.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a missing permission check in an HTTP endpoint of the Jenkins Script Security Plugin, allowing enumeration of pending and approved Script Security classpaths by users with Overall/Read permission.
Detection would involve monitoring HTTP requests to the Jenkins Script Security Plugin endpoints to identify attempts to enumerate classpaths without proper permissions.
Specific commands or detection scripts are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Jenkins Script Security Plugin to version 1402.v94c9ce464861 or later.
This update includes a fix that enforces Overall/Administer permission to enumerate Script Security classpaths, preventing enumeration by users with only Overall/Read permission.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a missing permission check in an HTTP endpoint of the Jenkins Script Security Plugin, allowing enumeration of pending and approved Script Security classpaths by users with Overall/Read permission.
To detect this vulnerability on your system, you can check the version of the Script Security Plugin installed in your Jenkins instance. Versions 1399.ve6a_66547f6e1 and earlier are vulnerable.
You can use the Jenkins API or CLI to query the plugin version. For example, using curl against the plugin manager API endpoint and jq to pick out the script-security entry (the response is a single JSON document, so grepping it line by line is not reliable):
- curl -s -u <user>:<api_token> 'https://<jenkins_url>/pluginManager/api/json?depth=1' | jq -r '.plugins[] | select(.shortName=="script-security") | .version'
If the version returned is 1399.ve6a_66547f6e1 or earlier, your system is vulnerable.
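The same check can be scripted so it handles both the modern `NNNN.v<hash>` plugin version scheme and legacy dotted versions. This is an added example, not code from this record or from the Jenkins project; the JSON below is a constructed sample of the plugin manager API response shape, and the fixed version is the one named above.

```python
import json
import re
from typing import Optional, Tuple

# Fixed release named in the advisory; anything with a lower numeric prefix is affected.
FIXED_VERSION = "1402.v94c9ce464861"
PLUGIN_SHORT_NAME = "script-security"

def version_key(version: str) -> Tuple[int, ...]:
    """Turn a Jenkins plugin version into a comparable tuple.

    Modern versions look like '1399.ve6a_66547f6e1': only the leading integer
    orders releases, the '.v<hash>' suffix does not. Legacy versions such as
    '1.78' are plain dotted integers, so every segment counts there.
    """
    ordered = re.split(r"\.v[0-9a-f_]+", version, maxsplit=1)[0]
    return tuple(int(part) for part in ordered.split(".") if part.isdigit())

def installed_version(plugin_manager_json: str,
                      short_name: str = PLUGIN_SHORT_NAME) -> Optional[str]:
    """Return the installed version of the plugin, or None if it is not installed."""
    data = json.loads(plugin_manager_json)
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") == short_name:
            return plugin.get("version")
    return None

def is_affected(version: Optional[str], fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version sorts before the fixed release."""
    if version is None:
        return False  # plugin not installed, so the endpoint is not present
    return version_key(version) < version_key(fixed)

# Constructed sample of a /pluginManager/api/json?depth=1 response (not real data).
SAMPLE_RESPONSE = json.dumps({
    "plugins": [
        {"shortName": "git", "version": "5.2.1", "active": True},
        {"shortName": "script-security", "version": "1399.ve6a_66547f6e1", "active": True},
    ]
})

if __name__ == "__main__":
    found = installed_version(SAMPLE_RESPONSE)
    state = "AFFECTED, upgrade" if is_affected(found) else "not affected"
    print(f"{PLUGIN_SHORT_NAME} {found}: {state}")
```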
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Jenkins Script Security Plugin to version 1402.v94c9ce464861 or later.
This update includes a fix that enforces Overall/Administer permission to enumerate pending and approved Script Security classpaths, preventing unauthorized enumeration.
Additionally, review and restrict user permissions to ensure that only trusted users have Overall/Read or higher permissions.