CVE-2019-1003091

Vulnerability

A missing permission check in the Jenkins SOASTA CloudTest Plugin's CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server [1][3]. The vulnerability affects all versions of the SOASTA CloudTest Plugin up to and including the version fixed in the Jenkins Security Advisory 2019-04-03 [1].

Exploitation

An attacker with Overall/Read permission can send a crafted request from the Jenkins controller to an attacker-specified server, initiating a connection without any further authentication or authorization checks [1][3]. The attacker does not need specific access or privileges beyond the base Overall/Read permission.

Impact

Successful exploitation allows the attacker to use the Jenkins controller as a proxy to initiate connections to arbitrary external servers, potentially leading to information disclosure or further network attacks [1][3]. The attacker can probe internal or external services from the Jenkins server.

Mitigation

The Jenkins Security Advisory 2019-04-03 indicates a fix was released for the SOASTA CloudTest Plugin [1]. Users should upgrade to the latest version of the plugin that includes the permission check. As a general practice, administrators should restrict Overall/Read permission to trusted users only.