ASA-2019-00103 – Jenkins: Cross-Site Request Forgery (CSRF) vulnerability and missing permission checks in Kanboard Plugin allowed Server-Side Request Forgery (SSRF)


Allele Security Alert

ASA-2019-00103

Identifier(s)

ASA-2019-00103, SECURITY-818, CVE-2019-1003020

Title

Cross-Site Request Forgery (CSRF) vulnerability and missing permission checks in Kanboard Plugin allowed Server-Side Request Forgery (SSRF)

Vendor(s)

Jenkins project

Product(s)

Jenkins Kanboard Plugin

Affected version(s)

Kanboard Plugin up to and including 1.5.10

Fixed version(s)

Kanboard Plugin version 1.5.11

Proof of concept

Unknown

Description

Kanboard Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to have the Jenkins master send a GET request to an attacker-specified URL (Server-Side Request Forgery), for example to an internal service that is not reachable from the attacker's own network.

Additionally, this form validation method did not require POST requests, resulting in a Cross-Site Request Forgery (CSRF) vulnerability: Jenkins' CSRF protection (crumbs) is only enforced on POST requests, so an attacker could also trigger the request by getting a user who is logged in to Jenkins to load an attacker-controlled link or page.
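The pattern behind this class of bug, shown as an added example that is not the Kanboard Plugin's own code (the advisory publishes no technical details): a hypothetical Jenkins build-step descriptor with a form-validation method in the shape the advisory describes, next to the hardened form that Jenkins plugin development guidance recommends. All class and method names (ExampleBuilder, doCheckServerUrlUnsafe, doCheckServerUrl) and the target URL are assumptions; the Jenkins and Stapler APIs used are real.

```java
// Added example, not the Kanboard Plugin's code. Class and method names are hypothetical.
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;

public class ExampleBuilder extends Builder {
    private final String serverUrl;

    @DataBoundConstructor
    public ExampleBuilder(String serverUrl) { this.serverUrl = serverUrl; }

    public String getServerUrl() { return serverUrl; }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        @Override public boolean isApplicable(Class<? extends AbstractProject> jobType) { return true; }
        @Override public String getDisplayName() { return "Example step (form validation demo)"; }

        // VULNERABLE SHAPE (kept here only for contrast; do not ship this).
        // Stapler exposes it as .../descriptorByName/<descriptor class>/checkServerUrlUnsafe?value=...
        // It answers GET, carries no permission check, and fetches whatever URL it is given,
        // so anyone with Overall/Read can make the Jenkins master probe arbitrary hosts.
        public FormValidation doCheckServerUrlUnsafe(@QueryParameter String value) {
            return probe(value);
        }

        // HARDENED SHAPE.
        // @RequirePOST rejects GET, which puts the endpoint behind Jenkins' crumb check and
        // closes the CSRF vector. The permission check ties the side effect (an outbound
        // request from the master) to the right a user needs to configure this value anyway.
        @RequirePOST
        public FormValidation doCheckServerUrl(@AncestorInPath Item item,
                                               @QueryParameter String value) {
            if (item == null) {
                // Global configuration context: only administrators may probe URLs.
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            } else {
                // Job configuration context: the caller must be able to configure this job.
                item.checkPermission(Item.CONFIGURE);
            }
            return probe(value);
        }

        // Shared probe: restricted to http/https, short timeouts, no redirect following,
        // so an authorized validation call cannot be turned into a slow or chained fetch.
        private static FormValidation probe(String value) {
            if (value == null || value.trim().isEmpty()) {
                return FormValidation.ok(); // empty field: nothing to validate yet
            }
            try {
                URL url = new URL(value.trim());
                String scheme = url.getProtocol();
                if (!"http".equals(scheme) && !"https".equals(scheme)) {
                    return FormValidation.error("Only http and https URLs are supported");
                }
                HttpURLConnection conn = (HttpURLConnection) url.openConnection();
                conn.setRequestMethod("HEAD");
                conn.setConnectTimeout(3000);
                conn.setReadTimeout(3000);
                conn.setInstanceFollowRedirects(false);
                int code = conn.getResponseCode();
                return code < 400
                        ? FormValidation.ok("Server reachable (HTTP " + code + ")")
                        : FormValidation.warning("Server answered HTTP " + code);
            } catch (IOException | IllegalArgumentException e) {
                return FormValidation.error(e, "Could not reach server");
            }
        }
    }
}
```

Two practical checks when auditing a plugin for this pattern: grep every `do*` method in Descriptor subclasses that performs I/O and confirm it carries both a verb restriction (`@RequirePOST`, or `@POST` from `org.kohsuke.stapler.verb` on newer Stapler) and a `checkPermission` call; then hit the endpoint with a plain GET as a user who has only Overall/Read and expect a 4xx, not a validation result. The permission check is the actual fix for the SSRF; a user who may configure the job can already make a build contact any URL, so restricting the probe to that user is the intended Jenkins security model.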

Technical details

Unknown

Credits

Thomas de Grenier de Latour

Reference(s)

Jenkins Security Advisory 2019-01-28
https://jenkins.io/security/advisory/2019-01-28

Jenkins Plugins
https://plugins.jenkins.io/kanboard

CVE-2019-1003020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1003020

CVE-2019-1003020
https://nvd.nist.gov/vuln/detail/CVE-2019-1003020

If there is any error in this alert or you would like a comprehensive analysis, let us know.

Last modified: March 6, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.