Allele Security Alert
ASA-2018-00087
Identifier(s)
ASA-2018-00087, CVE-2018-1000863, SECURITY-1072
Title
Forced migration of user records
Vendor(s)
Jenkins project
Product(s)
Jenkins (core)
Affected version(s)
Jenkins 2.153
Jenkins 2.138.3
Fixed version(s)
Jenkins 2.154
Jenkins LTS 2.138.4 or 2.150.1
Proof of concept
Unknown
Description
The fix for SECURITY-499 introduced a mechanism that renames user directories on disk when a user with an unsafe user name (user ID) is loaded. Insufficient input validation allowed attackers to rename such user directories even for users with a safe user name, by submitting a crafted user name when attempting to log in, even with an invalid password. Doing so prevented the affected users from logging in successfully afterwards.
Technical details
Unknown
Credits
Nimrod Stoler (CyberArk Labs) and Evan Grant (Tenable)
Reference(s)
Jenkins Security Advisory 2018-12-05
https://jenkins.io/security/advisory/2018-12-05/
CloudBees Security Advisory 2018-12-05
https://www.cloudbees.com/cloudbees-security-advisory-2018-12-05
[SECURITY-1072]
https://github.com/jenkinsci/jenkins/commit/4ed66e5838476e575a83c3cd13fffb37eefa2f48
[SECURITY-1072] Make ApiTokenStats work
https://github.com/jenkinsci/jenkins/commit/7bae6dd6ef23af988801d38dc0f8f693bc6283f8
CVE-2018-1000863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000863
CVE-2018-1000863
https://nvd.nist.gov/vuln/detail/CVE-2018-1000863
If there is any error in this alert, or if you would like a comprehensive analysis, let us know.
Last modified: March 6, 2019