Libvirt Slaves Plugin provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be used as part of an attack to capture the credentials using another vulnerability.
Tag: SECURITY-1014
ASA-2019-00612 – Jenkins Libvirt Slaves Plugin: Missing permission checks
Jenkins Libvirt Slaves Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
ASA-2019-00611 – Jenkins Libvirt Slaves Plugin: Cross-Site Request Forgery (CSRF)
The form validation method does not require POST requests, resulting in a Cross-Site Request Forgery vulnerability (CSRF).