Jenkins CVE-2017-1000356 Multiple Cross Site Request Forgery Vulnerabilities



Jenkins is prone to multiple cross-site request-forgery vulnerabilities.

An attacker can exploit these issues to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

The following versions are available:

Jenkins 2.56 and prior.
Jenkins LTS 2.46.1 and prior.

Information

Bugtraq ID: 98062
Class: Input Validation Error
CVE: CVE-2017-1000356

Remote: Yes
Local: No
Published: Apr 27 2017 12:00AM
Updated: Apr 27 2017 12:00AM
Credit: Steve Marlowe of Cisco ASIG
Vulnerable: Jenkins-Ci Jenkins LTS 2.46.1
Jenkins-Ci Jenkins LTS 2.32.2
Jenkins-Ci Jenkins LTS 2.32.1
Jenkins-Ci Jenkins LTS 2.19.3
Jenkins-Ci Jenkins LTS 2.19.2
Jenkins-Ci Jenkins LTS 1.652.2
Jenkins-Ci Jenkins LTS 1.651.2
Jenkins-Ci Jenkins LTS 1.651.1
Jenkins-Ci Jenkins LTS 1.642.2
Jenkins-Ci Jenkins LTS 1.642.1
Jenkins-Ci Jenkins LTS 1.625.3
Jenkins-Ci Jenkins LTS 1.625.2
Jenkins-Ci Jenkins LTS 1.625.1
Jenkins-Ci Jenkins LTS 1.609.1
Jenkins-Ci Jenkins LTS 1.580.1
Jenkins-Ci Jenkins LTS 1.565.3
Jenkins-Ci Jenkins 1.7.24
Jenkins-Ci Jenkins 2.56
Jenkins-Ci Jenkins 2.44
Jenkins-Ci Jenkins 2.43
Jenkins-Ci Jenkins 2.32
Jenkins-Ci Jenkins 2.31
Jenkins-Ci Jenkins 2.3
Jenkins-Ci Jenkins 2.2
Jenkins-Ci Jenkins 2.1
Jenkins-Ci Jenkins 2.0
Jenkins-Ci Jenkins 1.656
Jenkins-Ci Jenkins 1.655
Jenkins-Ci Jenkins 1.654
Jenkins-Ci Jenkins 1.653
Jenkins-Ci Jenkins 1.652
Jenkins-Ci Jenkins 1.651
Jenkins-Ci Jenkins 1.650
Jenkins-Ci Jenkins 1.649
Jenkins-Ci Jenkins 1.641
Jenkins-Ci Jenkins 1.640
Jenkins-Ci Jenkins 1.638
Jenkins-Ci Jenkins 1.637
Jenkins-Ci Jenkins 1.600
Jenkins-Ci Jenkins 1.587
Jenkins-Ci Jenkins 1.578
Jenkins-Ci Jenkins 1.551
Jenkins-Ci Jenkins 1.550
Jenkins-Ci Jenkins 1.532.2
Jenkins-Ci Jenkins 1.532.1
Jenkins-Ci Jenkins 1.523
Jenkins-Ci Jenkins 1.514
Jenkins-Ci Jenkins 1.513
Jenkins-Ci Jenkins 1.509
Jenkins-Ci Jenkins 1.502
Jenkins-Ci Jenkins 1.497
Jenkins-Ci Jenkins 1.491
Jenkins-Ci Jenkins 1.482
Jenkins-Ci Jenkins 1.454
Jenkins-Ci Jenkins 1.452
Jenkins-Ci Jenkins 1.451
Jenkins-Ci Jenkins 1.447
Jenkins-Ci Jenkins 1.446
Jenkins-Ci Jenkins 1.438
Jenkins-Ci Jenkins 1.408


Not Vulnerable: Jenkins-Ci Jenkins LTS 2.46.2
Jenkins-Ci Jenkins 2.57


Exploit


To exploit these issues an attacker must entice an unsuspecting victim to open a malicious URI.


Related Posts

Comments