CVE-2022-34204

Vulnerability

Overview

CVE-2022-34204 describes a missing permission check in the Jenkins EasyQA Plugin version 1.0 and earlier. The plugin fails to verify that a user has the necessary permissions before allowing them to specify an HTTP server URL for the plugin to connect to. This oversight means that any user with the Overall/Read permission can trigger an outbound HTTP connection from the Jenkins controller to an arbitrary server [1][3].

Exploitation

An attacker with Overall/Read access (a low-privilege permission) can exploit this by providing a malicious HTTP server URL. The Jenkins controller will then make a request to that server, potentially revealing internal network information or allowing the attacker to probe services that are not directly accessible from the attacker's network. No additional authentication is required beyond the basic Overall/Read permission [1].

Impact

The primary impact is server-side request forgery (SSRF). An attacker could use this to scan internal networks, access cloud metadata endpoints, or exfiltrate sensitive data by directing the request to an attacker-controlled server. The severity is considered medium to high depending on the network configuration [3].

Mitigation

As of the advisory date, the EasyQA Plugin version 1.0 is the latest affected version. Users should check for updates to the plugin or consider restricting the Overall/Read permission to trusted users only. The Jenkins Security Advisory 2022-06-22 provides details on this and other vulnerabilities [1].