VYPR
High severity · NVD Advisory · Published Jan 24, 2023 · Updated Apr 2, 2025

CVE-2023-24458

Description

Jenkins BearyChat Plugin 3.0.2 and earlier is vulnerable to CSRF, allowing attackers to connect to an attacker-specified URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2023-24458 is a cross-site request forgery (CSRF) vulnerability in the Jenkins BearyChat Plugin, affecting version 3.0.2 and earlier [1]. The plugin does not properly validate or require a CSRF token when processing requests that trigger connections to external URLs. This flaw allows an attacker to craft a malicious request that, if executed by an authenticated Jenkins user, will cause the Jenkins server to connect to an attacker-controlled URL [2].

To exploit this vulnerability, an attacker must trick a Jenkins user with the necessary permissions (any user who can interact with the BearyChat plugin configuration) into clicking a crafted link or visiting a malicious page. No other authentication is required beyond the victim's existing session [2]. The attack is performed remotely, but the attacker does not have direct network access to the Jenkins server; the victim's browser is used as a proxy.

Successful exploitation enables the attacker to force the Jenkins server to make an HTTP request to an arbitrary URL specified by the attacker. This could be used to probe internal network services, exfiltrate limited data (e.g., server configuration details in outbound requests), or trigger actions on third-party systems that trust the Jenkins server's IP address [1][2]. The impact is limited to the ability to initiate outbound connections, not to directly execute code or modify Jenkins configurations.

The vulnerability is fixed in BearyChat Plugin version 3.0.3 and later. Users should upgrade immediately [1]. There is no mention of a workaround in the advisory; upgrading is the recommended mitigation.
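The narrative above describes the root cause as a request that triggers an outbound connection without a CSRF token being required. In Jenkins the usual defence for such a form-validation endpoint is to accept only POST requests (so the standard crumb check applies) and to check a permission before doing any work. The following is an added illustration of that pattern, not code from the BearyChat plugin; the class, field and method names are hypothetical.

```java
// Added example, not the BearyChat plugin's own code. Names are hypothetical.
// Demonstrates the Jenkins hardening pattern for a "test connection" endpoint:
// require POST (enables the crumb/CSRF check), check a permission, and validate
// the target URL before opening an outbound connection.
package example;  // hypothetical package

import hudson.Extension;
import hudson.util.FormValidation;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;

@Extension
public class ExampleChatGlobalConfig extends GlobalConfiguration {

    public ExampleChatGlobalConfig() {
        load();
    }

    // Vulnerable shape (shown for contrast, not deployed here):
    //
    //   public FormValidation doTestConnection(@QueryParameter String webhookUrl) {
    //       return probe(webhookUrl);   // reachable via GET, no permission check
    //   }
    //
    // Because Stapler maps doTestConnection to /testConnection and accepts GET,
    // a link in a crafted page is enough to make the server connect to webhookUrl
    // using the victim's session.

    // Hardened shape: @RequirePOST rejects GET, which means the request must
    // come from a form submission that carries Jenkins' CSRF crumb; the
    // permission check limits the action to administrators.
    @RequirePOST
    public FormValidation doTestConnection(@QueryParameter String webhookUrl) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return probe(webhookUrl);
    }

    // Only allow https targets and never follow the response body; keep the
    // outbound request as minimal as possible. This does not replace the
    // CSRF/permission controls above; it narrows what a misuse could reach.
    static FormValidation probe(String webhookUrl) {
        if (webhookUrl == null || webhookUrl.isEmpty()) {
            return FormValidation.error("Webhook URL is required");
        }
        URL url;
        try {
            url = new URL(webhookUrl);
        } catch (MalformedURLException e) {
            return FormValidation.error("Not a valid URL");
        }
        if (!"https".equals(url.getProtocol())) {
            return FormValidation.error("Only https:// webhook URLs are allowed");
        }
        try {
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setRequestMethod("HEAD");
            conn.setInstanceFollowRedirects(false);
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(5000);
            int status = conn.getResponseCode();
            return status < 400
                ? FormValidation.ok("Reachable (HTTP " + status + ")")
                : FormValidation.warning("Endpoint answered HTTP " + status);
        } catch (IOException e) {
            return FormValidation.error("Connection failed: " + e.getMessage());
        }
    }
}
```

The two annotations carry the security weight: `@RequirePOST` makes Jenkins' crumb requirement apply to the endpoint, and `checkPermission(Jenkins.ADMINISTER)` ensures a forged request from a lower-privileged victim's browser is refused even if it is a POST. Newer plugin code often uses Jenkins' `hudson.security.Permission` constants at a finer granularity, but the structure is the same.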

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.jenkins-ci.plugins:bearychat (Maven)
Affected versions: <= 3.0.2
Patched versions: (none listed)

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 1