VYPR
Moderate severity · NVD Advisory · Published Jun 22, 2022 · Updated Aug 3, 2024

CVE-2022-34206

Description

Jenkins Jianliao Notification Plugin lacks a permission check, allowing attackers with Overall/Read to send POST requests to attacker-specified URLs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability Details

The Jenkins Jianliao Notification Plugin, versions 1.1 and earlier, contains a missing permission check that allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL [1][2]. This vulnerability arises because the plugin does not properly validate whether the user has the necessary permissions to trigger outbound HTTP requests.

Exploitation

An attacker must have Overall/Read permission on the Jenkins instance, which is a relatively low-privilege access level. By exploiting this missing check, the attacker can craft a request that causes the Jenkins server to send an HTTP POST to any URL they specify [1]. This can be done without requiring any additional authentication or authorization.

Impact

Successful exploitation could enable Server-Side Request Forgery (SSRF) attacks, allowing the attacker to interact with internal services, scan internal networks, or exfiltrate data. The attack leverages the Jenkins server's network access to reach otherwise inaccessible endpoints [2].

Mitigation

The vulnerability has been addressed in Jianliao Notification Plugin version 1.2, which adds the necessary permission checks [1]. Users are advised to update to this version or later. There is no known workaround for the vulnerability.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.jenkins-ci.plugins:jianliao (Maven) | <= 1.1 |

Patches

0

No patches discovered yet.
