Risk | Medium
Patch available | YES
Number of vulnerabilities | 2
CVE-ID | CVE-2019-16539, CVE-2019-16540
CWE-ID | CWE-264, CWE-22
Exploitation vector | Network
Public exploit | N/A
Vulnerable software | Support Core (Web applications / Modules and components for CMS)
Vendor | Jenkins
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU22917
Risk: Medium
CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-16539
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists because the affected plugin does not perform a permission check. A remote authenticated attacker with Overall/Read permission can delete support bundles and any other file with a known name or path.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Support Core: 1.0 - 2.63
CPE2.3:
https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1634
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22918
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-16540
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists because the affected plugin does not validate the paths submitted to the "Delete Support Bundles" feature. A remote authenticated attacker can send a specially crafted HTTP request and delete arbitrary files on the Jenkins master file system that are accessible to the OS user account running Jenkins.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Support Core: 1.0 - 2.63
CPE2.3:
https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1634
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
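Both entries describe the same "Delete Support Bundles" feature lacking two defences: an authorization check (CWE-264, #VU22917) and validation that the submitted name stays inside the bundle directory (CWE-22, #VU22918). The following is an added illustration, not code from this bulletin or from the Jenkins Support Core plugin, of how a delete handler is hardened against both. The permission names are modelled on the Jenkins ones mentioned above but the functions, the `Overall/Administer` requirement and the directory layout are assumptions of this example; the files it operates on are constructed in a temporary directory.

```python
import tempfile
from pathlib import Path

# Hypothetical permission names, modelled on those the bulletin refers to.
OVERALL_READ = "Overall/Read"
OVERALL_ADMINISTER = "Overall/Administer"


class BundleDeleteError(Exception):
    """Raised when a delete request fails path validation."""


def resolve_bundle(bundle_dir: Path, submitted_name: str) -> Path:
    """Map a user-submitted bundle name onto a file that must live directly
    inside bundle_dir (CWE-22 defence). Symlinks are followed before the
    containment check, so a link inside the directory pointing elsewhere is
    rejected as well."""
    base = bundle_dir.resolve()
    # Joining with an absolute component discards `base`, so a submitted
    # "/etc/hosts" resolves outside the directory and fails the parent check.
    candidate = (base / submitted_name).resolve()
    if candidate.parent != base:
        raise BundleDeleteError(f"refusing path outside bundle directory: {submitted_name!r}")
    return candidate


def delete_bundle(bundle_dir: Path, submitted_name: str, caller_permissions: set) -> Path:
    """Delete a support bundle: authorization first (CWE-264 defence), then
    path containment, then the filesystem operation."""
    if OVERALL_ADMINISTER not in caller_permissions:
        raise PermissionError("Overall/Administer is required to delete support bundles")
    target = resolve_bundle(bundle_dir, submitted_name)
    if not target.is_file():
        raise BundleDeleteError(f"no such bundle: {submitted_name!r}")
    target.unlink()
    return target


def demo() -> dict:
    """Exercise the checks against constructed files in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        bundles = root / "support"
        bundles.mkdir()
        bundle = bundles / "support_2019-11-21.zip"
        bundle.write_bytes(b"constructed bundle")
        outside = root / "secrets.txt"  # constructed file outside the bundle directory
        outside.write_text("must survive every request below")

        def attempt(name, perms):
            try:
                delete_bundle(bundles, name, perms)
                return "deleted"
            except PermissionError:
                return "denied"
            except BundleDeleteError:
                return "rejected"

        # A read-only user is refused before any path is even looked at.
        results["read_only_user"] = attempt(bundle.name, {OVERALL_READ})
        # Relative and absolute escapes from an administrator are rejected.
        results["traversal"] = attempt("../secrets.txt", {OVERALL_ADMINISTER})
        results["absolute"] = attempt(str(outside), {OVERALL_ADMINISTER})
        # The legitimate request succeeds.
        results["admin_valid"] = attempt(bundle.name, {OVERALL_ADMINISTER})
        results["outside_file_survived"] = outside.exists()
        results["bundle_removed"] = not bundle.exists()
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The order of the two checks matters for defenders: the permission check runs before the path is resolved, so an unauthorized caller learns nothing about which paths exist, and the containment check compares the fully resolved parent rather than scanning the string for `..`, which is what lets it also catch absolute paths and symlink escapes.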