VYPR
Moderate severity · NVD Advisory · Published Dec 13, 2023 · Updated Feb 13, 2025

CVE-2023-50775

Description

A CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs without authentication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability Overview

A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Deployment Dashboard Plugin, versions 1.0.10 and earlier. This flaw enables an attacker to craft a malicious request that, when executed by an authenticated Jenkins user, will copy jobs on the Jenkins controller without the user's consent [1][2].

Attack Vector and Prerequisites

The root cause is the lack of CSRF protection (e.g., a crumb token or same-origin check) on the endpoint that handles job copy operations. An attacker can exploit this by tricking a Jenkins user who has the necessary permissions (e.g., Job/Create or Job/Configure) into clicking a crafted link or visiting a malicious page while logged into Jenkins. No direct network access to the Jenkins controller is required beyond the ability to deliver the crafted request to the victim [1].

Impact

Successful exploitation allows the attacker to copy jobs within Jenkins. While copying a job does not by itself grant full control, it can serve as a stepping stone for further attacks, such as modifying the copied job to execute malicious build steps or exfiltrating configuration details. The plugin's advisory notes that no fix has been released, and the plugin remains affected [1][2].

Mitigation and Status

As of the advisory publication date (2023-12-13), no patched version of the Deployment Dashboard Plugin is available. The Jenkins security team recommends removing or disabling the plugin if it is not essential, or restricting access to the affected endpoints via a reverse proxy or firewall. The plugin's repository indicates it has not been updated to address the issue [1][2][4].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven)
Affected versions: <= 1.0.10
Patched versions: none

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.
