SB2019081514 - Red Hat update for OpenShift Container Platform 3.11 jenkins

Security Bulletin ID SB2019081514

Severity

Medium

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2019-10352)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the "core/src/main/java/hudson/model/FileParameterValue.java." A remote authenticated attacker with Job/Configure permission can define a file parameter with a file name outside the intended directory.

This vulnerability results in an arbitrary file write on the Jenkins master when scheduling a build.

2) Cross-site request forgery (CVE-ID: CVE-2019-10353)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to the CSRF tokens by default only check user authentication and IP address. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

This vulnerability allows an attacker to obtain a CSRF token for another user to implement CSRF attacks as long as the victim’s IP address remained unchanged.

3) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2019-10354)

The vulnerability allows a remote attacker to bypass permission checks.

The vulnerability exists due to the access control bypass in the Stapler web framework. A remote authenticated attacker can access view fragments directly, bypass permission checks and possibly obtain sensitive information.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2019:2503