September 21, 2023
Severity
Medium
Analysis Summary
CVE-2023-43502 CVSS: 4.3
Jenkins Build Failure Analyzer Plugin is vulnerable to cross-site request forgery because the HTTP endpoint that deletes Failure Causes does not require POST requests, so Jenkins' crumb-based CSRF protection (which is only applied to POST requests) never covers it. By persuading an authenticated user to visit a malicious Web site, a remote attacker could have the victim's browser issue a forged request that deletes Failure Causes from the plugin's configuration.
CVE-2023-43494 CVSS: 4.3
Jenkins weekly and LTS could allow a remote authenticated attacker to obtain sensitive information because sensitive build variables (for example password parameter values) are not excluded when filtering builds in the build history widget. An attacker with Item/Read permission could iteratively search the build history widget to recover the values of sensitive variables used in builds, and use this information to launch further attacks against the affected system.
CVE-2023-43496 CVSS: 7.0
Jenkins weekly and LTS could allow a local attacker to execute arbitrary code on the controller because a plugin uploaded for installation is first written to a temporary file in the system temporary directory with the default permissions for newly created files. An attacker with access to that directory could replace the temporary file before Jenkins installs it, causing the controller to load attacker-supplied plugin code.
CVE-2023-43498 CVSS: 3.6
Jenkins weekly and LTS could allow a local attacker to bypass security restrictions because file uploads processed with MultipartFormDataParser are written to temporary files in the system temporary directory with the default permissions for newly created files. An attacker with access to the Jenkins controller file system could read those files and, if the default permissions allow, write to them before Jenkins uses them.
CVE-2023-43499 CVSS: 8.0
Jenkins Build Failure Analyzer Plugin is vulnerable to stored cross-site scripting because Failure Cause names are not escaped when they are rendered in build logs. A remote authenticated attacker able to create or update Failure Causes could inject malicious script that executes in the browser of any user viewing an affected build log, within the security context of the Jenkins site, allowing the attacker to perform actions with the victim's permissions or steal session information.
CVE-2023-43497 CVSS: 3.6
Jenkins weekly and LTS could allow a local attacker to bypass security restrictions because file uploads processed by the Stapler web framework are written to temporary files in the system temporary directory with the default permissions for newly created files. An attacker with access to the Jenkins controller file system could read those files and, if the default permissions allow, write to them before Jenkins uses them.
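The three temporary-file entries above (CVE-2023-43496, CVE-2023-43497 and CVE-2023-43498) share one root cause: a file is created in the shared system temporary directory with whatever permissions the process umask leaves, instead of owner-only permissions. The following is an added example, not code from Jenkins or from this advisory. It reproduces both patterns in Python on a throwaway directory so the resulting mode bits can be inspected; in Java the same contrast exists between the legacy java.io.File#createTempFile (mode 0666 masked only by the umask) and java.nio.file.Files#createTempFile (0600 on POSIX). The directory and file names are constructed, and the code assumes a POSIX system.

```python
"""Default-permission temp files vs. owner-only temp files (added example)."""
import os
import stat
import tempfile


def create_with_default_perms(directory: str, name: str, umask: int) -> int:
    """Create a file the 'legacy' way: requested mode 0666, reduced only by the
    umask. Returns the permission bits the file actually ends up with."""
    path = os.path.join(directory, name)
    old = os.umask(umask)
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o666)
        os.close(fd)
    finally:
        os.umask(old)  # umask is process-wide, so always restore it
    return stat.S_IMODE(os.stat(path).st_mode)


def create_owner_only(directory: str, umask: int) -> int:
    """Create a file the safe way: tempfile.mkstemp requests 0600, and a umask
    can only remove permission bits, never add them."""
    old = os.umask(umask)
    try:
        fd, path = tempfile.mkstemp(dir=directory)
        os.close(fd)
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)


def exposure(mode: int) -> dict:
    """Who, besides the owner, can read or write a file with these bits."""
    return {
        "others_can_read": bool(mode & stat.S_IROTH),
        "others_can_write": bool(mode & stat.S_IWOTH),
        "group_can_write": bool(mode & stat.S_IWGRP),
    }


def tmpdir_is_shared(directory: str) -> bool:
    """True if users other than the owner can create files in the directory,
    i.e. it is a shared location like /tmp (typically 1777) rather than a
    private one. A private java.io.tmpdir removes the attacker's foothold."""
    mode = stat.S_IMODE(os.stat(directory).st_mode)
    return bool(mode & (stat.S_IWOTH | stat.S_IWGRP))


def compare(umask: int) -> dict:
    """Create one file each way under a fresh private directory (mkdtemp gives
    0700) and report the resulting modes for the given umask."""
    directory = tempfile.mkdtemp(prefix="jenkins-upload-demo-")
    return {
        "directory": directory,
        "default_mode": create_with_default_perms(directory, "upload.tmp", umask),
        "owner_only_mode": create_owner_only(directory, umask),
    }


if __name__ == "__main__":
    for umask in (0o022, 0o002, 0o000):
        r = compare(umask)
        print(f"umask {umask:04o}: default {r['default_mode']:04o} "
              f"{exposure(r['default_mode'])}, owner-only {r['owner_only_mode']:04o}")
    print("system temp dir shared:", tmpdir_is_shared(tempfile.gettempdir()))
```

With the common umask 022 the default-permission file is 0644, so any local user can read an uploaded plugin or form payload while it sits in /tmp; with a permissive umask such as 000 it becomes 0666 and can be replaced outright, which is the path to code execution described for CVE-2023-43496. The owner-only variant stays 0600 under every umask.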
CVE-2023-43500 CVSS: 4.3
Jenkins Build Failure Analyzer Plugin is vulnerable to cross-site request forgery because a connection-test HTTP endpoint does not require POST requests, so it is not covered by Jenkins' crumb-based CSRF protection. By persuading an authenticated user to visit a malicious Web site, a remote attacker could have the victim's browser issue a forged request that makes the Jenkins controller open a connection to an attacker-specified hostname and port, for example to probe hosts that are reachable from the controller but not from the attacker.
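Both CSRF entries (CVE-2023-43502 above and CVE-2023-43500 here) come down to the same mechanism: Jenkins validates its anti-CSRF crumb only on POST requests, so a state-changing endpoint that also accepts GET is reachable from any page the victim visits. The following added example, which is not Jenkins or plugin code, models that scheme in a few pure functions: a crumb filter applied to POST only, and a "delete Failure Cause" endpoint in a version that handles any method and a version that requires POST (the effect of Jenkins' @RequirePOST annotation). The class and function names, the crumb derivation, the secret and the sample requests are all constructed for illustration.

```python
"""Why a GET-accepting endpoint bypasses crumb-based CSRF protection (added example)."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed server-side secret; a real deployment derives crumbs differently.
SERVER_SECRET = b"constructed-secret-not-a-real-jenkins-key"


def issue_crumb(session_id: str) -> str:
    """Crumb bound to the victim's session. Only a page served by this site can
    read it, so a cross-site attacker cannot put it into a forged request."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()[:32]


@dataclass
class Request:
    method: str
    session_id: str                 # sent automatically by the browser as a cookie
    params: dict[str, str] = field(default_factory=dict)
    crumb: str | None = None        # header/form field the attacker cannot supply


@dataclass
class Store:
    failure_causes: set[str] = field(default_factory=lambda: {"OOM", "Timeout"})


def crumb_filter_ok(req: Request) -> bool:
    """Mirror of the Jenkins model: the crumb is checked on POST requests only."""
    if req.method != "POST":
        return True
    return req.crumb is not None and hmac.compare_digest(req.crumb, issue_crumb(req.session_id))


def vulnerable_delete(req: Request, store: Store) -> int:
    """Endpoint that performs the deletion for any HTTP method (the pattern
    behind the two CSRF CVEs): a GET never reaches the crumb check."""
    if not crumb_filter_ok(req):
        return 403
    store.failure_causes.discard(req.params.get("id", ""))
    return 200


def fixed_delete(req: Request, store: Store) -> int:
    """Hardened endpoint: requiring POST means every accepted request has also
    passed the crumb filter."""
    if not crumb_filter_ok(req):
        return 403
    if req.method != "POST":        # @RequirePOST equivalent
        return 405
    store.failure_causes.discard(req.params.get("id", ""))
    return 200


def _send(handler, store: Store, req: Request) -> tuple[int, set[str]]:
    return handler(req, store), set(store.failure_causes)


def csrf_attack(handler, store: Store) -> tuple[int, set[str]]:
    """Attacker's page lures the logged-in victim into a GET (e.g. an <img src>
    pointing at the endpoint). The browser attaches the session cookie; the
    attacker knows no crumb."""
    return _send(handler, store, Request("GET", "victim-session", {"id": "OOM"}))


def forged_post(handler, store: Store) -> tuple[int, set[str]]:
    """Cross-site auto-submitting form: cookies are sent, the crumb is not."""
    return _send(handler, store, Request("POST", "victim-session", {"id": "OOM"}))


def legitimate_post(handler, store: Store) -> tuple[int, set[str]]:
    """Same-site UI action: POST carrying the crumb issued to this session."""
    return _send(handler, store, Request("POST", "victim-session", {"id": "OOM"},
                                         crumb=issue_crumb("victim-session")))


if __name__ == "__main__":
    print("GET  -> vulnerable:", csrf_attack(vulnerable_delete, Store()))
    print("GET  -> fixed:     ", csrf_attack(fixed_delete, Store()))
    print("POST no crumb ->   ", forged_post(fixed_delete, Store()))
    print("POST with crumb -> ", legitimate_post(fixed_delete, Store()))
```

The forged GET deletes the "OOM" cause from the vulnerable endpoint and is rejected with 405 by the fixed one; a forged cross-site POST is stopped by the crumb filter in both versions, which is why requiring POST is sufficient as long as the crumb filter is in place.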
CVE-2023-43495 CVSS: 8.0
Jenkins weekly and LTS are vulnerable to stored cross-site scripting because the caption constructor parameter of ExpandableDetailsNote is not escaped when the note is rendered. A remote authenticated attacker able to control that caption could inject malicious script that executes in a victim's Web browser within the security context of the Jenkins site, once the page is viewed, allowing the attacker to perform actions with the victim's permissions or steal session information.
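For triage, the summary above reduces to three version thresholds: Jenkins weekly 2.423 and earlier, Jenkins LTS 2.414.1 and earlier, and Build Failure Analyzer Plugin 2.4.1 and earlier. The following added example (not Rewterz or Jenkins code) turns those thresholds into a check that reads the version from the X-Jenkins response header every controller sends and reports which of the listed CVEs apply. The one point it exists to make is that LTS versions have three components (2.414.1) and weekly versions two (2.423), so each must be compared against its own threshold; a naive comparison would call LTS 2.414.2 "older" than weekly 2.423. The sample HTTP response is constructed.

```python
"""Affected-version triage for the Jenkins advisories listed above (added example)."""
from __future__ import annotations

import re

# Highest affected versions named in the advisory; all are "and earlier".
MAX_AFFECTED_WEEKLY = (2, 423)
MAX_AFFECTED_LTS = (2, 414, 1)
MAX_AFFECTED_BFA_PLUGIN = (2, 4, 1)

CORE_CVES = ["CVE-2023-43494", "CVE-2023-43495", "CVE-2023-43496",
             "CVE-2023-43497", "CVE-2023-43498"]
BFA_PLUGIN_CVES = ["CVE-2023-43499", "CVE-2023-43500", "CVE-2023-43502"]


def parse_version(text: str) -> tuple[int, ...]:
    """'2.414.1' -> (2, 414, 1); tolerates suffixes such as '2.424-SNAPSHOT'."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def jenkins_line(version: tuple[int, ...]) -> str:
    """LTS releases carry three components, weekly releases two."""
    return "lts" if len(version) >= 3 else "weekly"


def core_affected(version_text: str) -> bool:
    """Compare against the threshold for the instance's own release line."""
    v = parse_version(version_text)
    if jenkins_line(v) == "lts":
        return v <= MAX_AFFECTED_LTS
    return v <= MAX_AFFECTED_WEEKLY


def bfa_plugin_affected(version_text: str) -> bool:
    return parse_version(version_text) <= MAX_AFFECTED_BFA_PLUGIN


def version_from_response(raw_http: str) -> str | None:
    """Extract the X-Jenkins header value (present on e.g. GET /login)."""
    for line in raw_http.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-jenkins":
            return value.strip()
    return None


def applicable_cves(jenkins_version: str, bfa_plugin_version: str | None) -> list[str]:
    """CVEs from this advisory that apply to the given core and plugin versions.
    Pass None for the plugin version if Build Failure Analyzer is not installed."""
    cves: list[str] = []
    if core_affected(jenkins_version):
        cves.extend(CORE_CVES)
    if bfa_plugin_version is not None and bfa_plugin_affected(bfa_plugin_version):
        cves.extend(BFA_PLUGIN_CVES)
    return cves


# Constructed response from a hypothetical LTS controller.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "X-Jenkins: 2.414.1\r\n"
    "X-Jenkins-Session: 0123abcd\r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "\r\n"
)

if __name__ == "__main__":
    ver = version_from_response(SAMPLE_RESPONSE)
    print(ver, jenkins_line(parse_version(ver)), applicable_cves(ver, "2.4.1"))
```

The plugin version is not in the response headers; it comes from the plugin manager (for example the installed-plugins view or its JSON API) and is passed in separately.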
Impact
- Gain Access
- Information Disclosure
- Code Execution
- Security Bypass
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2023-43502
- CVE-2023-43494
- CVE-2023-43496
- CVE-2023-43498
- CVE-2023-43499
- CVE-2023-43497
- CVE-2023-43500
- CVE-2023-43495
Affected Vendors
Jenkins
Affected Products
- Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier
- Jenkins weekly 2.423 and earlier
- Jenkins LTS 2.414.1 and earlier
Remediation
Upgrade Jenkins weekly to 2.424 or later, Jenkins LTS to 2.414.2 or later, and Build Failure Analyzer Plugin to 2.4.2 or later. Refer to the Jenkins Security Advisory 2023-09-20 for details. Where an upgrade must be deferred, limit who can create or update Failure Causes and who holds Item/Read permission on sensitive jobs, and run the controller with java.io.tmpdir pointing at a directory accessible only to the Jenkins user, which removes the shared-directory precondition for the temporary-file issues.