VYPR
Moderate severity · NVD Advisory · Published Apr 4, 2019 · Updated Aug 5, 2024

CVE-2019-1003090

Description

CSRF in Jenkins SOASTA CloudTest Plugin allows attackers to initiate connections to arbitrary servers via the doValidate method.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The Jenkins SOASTA CloudTest Plugin is vulnerable to cross-site request forgery (CSRF) in the CloudTestServer.DescriptorImpl#doValidate form validation method. This flaw allows an attacker to trick an authenticated Jenkins administrator into sending a request that causes Jenkins to initiate a connection to an attacker-specified server. The vulnerability affects all versions of the plugin prior to the fix released in the 2019-04-03 security advisory [1][3].

Exploitation

An attacker can exploit this CSRF by crafting a malicious web page or link that, when visited by a Jenkins administrator with an active session, triggers a forged HTTP request to the doValidate endpoint. The request includes parameters specifying the target server address. No additional privileges or user interaction beyond the administrator visiting the attacker-controlled page are required [1][3].

Impact

Successful exploitation enables the attacker to force Jenkins to make a connection to an arbitrary server. This can be leveraged for server-side request forgery (SSRF) attacks, potentially allowing the attacker to probe internal network resources or interact with services that are otherwise inaccessible. The impact is limited to initiating outbound connections; the attacker does not gain direct code execution or access to Jenkins data [1][3].

Mitigation

The vulnerability is fixed in the SOASTA CloudTest Plugin as part of the Jenkins security advisory released on 2019-04-03. Users should update the plugin to the latest available version. No workarounds are documented in the available references [1][3].
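To make the Vulnerability and Mitigation sections concrete, here is an added illustration in the plugin's language of the Jenkins descriptor pattern involved: a form-validation method that opens an outbound connection, shown first without protection and then in the hardened form Jenkins fixes of this kind use (POST-only plus an explicit permission check). This is not the SOASTA CloudTest Plugin's code; the class, method and parameter names are hypothetical.

```java
import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.net.HttpURLConnection;
import java.net.URL;

/** Hypothetical server configuration object; names are illustrative, not the plugin's. */
public class ExampleServer extends AbstractDescribableImpl<ExampleServer> {

    @Extension
    public static class DescriptorImpl extends Descriptor<ExampleServer> {

        // Vulnerable pattern: Stapler exposes this as a GET-reachable URL and nothing checks
        // who is asking, so a forged request riding on an administrator's session makes
        // Jenkins open a connection to whatever "url" names (CSRF that yields SSRF).
        public FormValidation doValidateUnsafe(@QueryParameter String url) {
            return probe(url);
        }

        // Hardened pattern: @RequirePOST rejects GET, so the request must be a POST carrying
        // a valid Jenkins CSRF crumb, and the explicit permission check keeps lower-privileged
        // users from using the validation endpoint as a connectivity oracle.
        @RequirePOST
        public FormValidation doValidate(@QueryParameter String url) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            return probe(url);
        }

        // Shared connectivity check; short timeouts bound how long Jenkins stays tied up.
        private static FormValidation probe(String url) {
            try {
                HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
                conn.setConnectTimeout(5_000);
                conn.setReadTimeout(5_000);
                int status = conn.getResponseCode();
                return status < 400
                        ? FormValidation.ok("Reached server (HTTP " + status + ")")
                        : FormValidation.error("Server answered HTTP " + status);
            } catch (Exception e) {
                return FormValidation.error("Could not reach server: " + e.getMessage());
            }
        }
    }
}
```

When reviewing a plugin for this class of issue, look for any `do*` method on a Descriptor that performs network I/O or other side effects and lacks both the `@RequirePOST` annotation and a permission check.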

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                              | Affected versions | Patched versions
com.soasta.jenkins:cloudtest (Maven) | <= 2.25           | (not listed)
