CVE-2017-1000091

moderate-risk
Published 2017-10-05

GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.3/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source
Github Branch Source

Affected Vendors

Jenkins

References (2)

Vendor Advisory https://jenkins.io/security/advisory/2017-07-10/
Vendor Advisory https://jenkins.io/security/advisory/2017-07-10/
47
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 0/34 · Minimal
Exposure 24/34 · High