HTTP: Jenkins CI Server Multiple Cross-Site Request Forgery

This signature detects attempts to exploit known cross-site request forgery (CSRF) vulnerabilities in Jenkins CI. Successful exploitation could lead to a variety of effects including denial of service, configuration changes, and, in the worst case, arbitrary command execution with the privileges of the Jenkins process.

Extended Description

Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, are vulnerable to cross-site request forgery in the Jenkins user database authentication realm: a forged request from a victim's browser can create an account if signup is enabled, or, if the victim is an administrator, create an account, possibly deleting the existing default admin user in the process and allowing a wide variety of further impacts. The issue was fixed in Jenkins 2.57 and 2.46.2 LTS.
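The check below is an added illustration, not code from this signature or from the Jenkins project. It models what a CSRF detector for the account-creation case has to decide: a state-changing POST to the user database realm's account-creation endpoints that carries no Jenkins crumb, presents a wrong crumb, or originates from another site is flagged; same-origin requests with a valid crumb and non-POST traffic pass. The endpoint paths (/securityRealm/createAccount, /securityRealm/createAccountByAdmin), the crumb field name (Jenkins-Crumb), the crumb value and the sample requests are assumptions constructed for the example and are not stated on this page.

```python
"""Illustrative CSRF check for Jenkins account-creation requests (added example)."""
import hmac
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Assumed, not taken from the page: the user-database realm's account-creation
# endpoints and the default field name Jenkins' CSRF protection uses for its crumb.
ACCOUNT_CREATION_PATHS = {
    "/securityRealm/createAccount",         # self-signup, when enabled
    "/securityRealm/createAccountByAdmin",  # creation by an administrator
}
CRUMB_FIELD = "Jenkins-Crumb"


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into method, path, lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": urlsplit(target).path,
            "headers": headers, "body": body}


def source_host(headers: dict) -> Optional[str]:
    """Host the browser claims the request came from: Origin, else Referer, else None."""
    for name in ("origin", "referer"):
        if name in headers:
            return urlsplit(headers[name]).hostname
    return None


def presented_crumb(req: dict) -> Optional[str]:
    """Crumb from the request header or, failing that, from a form-encoded body."""
    crumb = req["headers"].get(CRUMB_FIELD.lower())
    if crumb:
        return crumb
    if req["headers"].get("content-type", "").startswith("application/x-www-form-urlencoded"):
        return parse_qs(req["body"]).get(CRUMB_FIELD, [None])[0]
    return None


def inspect(raw: str, valid_crumb: str) -> Tuple[str, str]:
    """Return ('alert' | 'pass', reason) for one request against the crumb the server issued."""
    req = parse_request(raw)
    if req["method"] != "POST" or req["path"] not in ACCOUNT_CREATION_PATHS:
        return "pass", "not an account-creation POST"
    target_host = urlsplit("//" + req["headers"].get("host", "")).hostname
    origin = source_host(req["headers"])
    if origin is not None and origin != target_host:
        return "alert", f"cross-site source {origin}"
    crumb = presented_crumb(req)
    if crumb is None:
        return "alert", "no crumb on state-changing request"
    if not hmac.compare_digest(crumb, valid_crumb):
        return "alert", "crumb mismatch"
    return "pass", "same-origin request with valid crumb"


# Constructed sample traffic; the crumb value is made up for the example.
VALID_CRUMB = "d41d8cd98f00b204e9800998ecf8427e"

FORGED = (  # what a victim's browser would send from an attacker-controlled page
    "POST /securityRealm/createAccount HTTP/1.1\r\n"
    "Host: jenkins.example.internal\r\n"
    "Origin: https://attacker.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=backdoor&password1=x&password2=x"
)
NO_CRUMB = (  # same-origin but the crumb is missing, as on an unfixed endpoint
    "POST /securityRealm/createAccountByAdmin HTTP/1.1\r\n"
    "Host: jenkins.example.internal\r\n"
    "Referer: https://jenkins.example.internal/securityRealm/addUser\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=newuser&password1=x&password2=x"
)
LEGIT = (  # crumb issued by the server, presented in the header
    "POST /securityRealm/createAccountByAdmin HTTP/1.1\r\n"
    "Host: jenkins.example.internal:8080\r\n"
    "Referer: https://jenkins.example.internal:8080/securityRealm/addUser\r\n"
    f"{CRUMB_FIELD}: {VALID_CRUMB}\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=newuser&password1=x&password2=x"
)
READ_ONLY = "GET /securityRealm/createAccount HTTP/1.1\r\nHost: jenkins.example.internal\r\n\r\n"

if __name__ == "__main__":
    for label, sample in (("forged", FORGED), ("no-crumb", NO_CRUMB),
                          ("legit", LEGIT), ("get", READ_ONLY)):
        print(label, *inspect(sample, VALID_CRUMB))
```

The Origin/Referer comparison is only a heuristic: browsers may omit both, so a forged request without them falls through to the crumb check, which is the control Jenkins actually relies on. Any such check will also flag legitimate API clients that omit the crumb, which is why a network signature like this one is a detective control and the vendor fix is the remediation.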

Affected Products

Jenkins jenkins

References

BugTraq: 98062

CVE: CVE-2017-1000356

Short Name
HTTP:MISC:JENKINS-CI-CSRF
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CI CVE-2017-1000356 Cross-Site Forgery Jenkins Multiple Request Server bid:98062
Release Date
05/15/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3758
False Positive
Rarely
Vendors

Jenkins

CVSS Score

6.8
