CVE-2024-2215
Description
CSRF in Jenkins docker-build-step Plugin allows attackers to connect to arbitrary sockets and reconfigure the plugin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A cross-site request forgery (CSRF) vulnerability exists in the Jenkins docker-build-step Plugin versions 2.11 and earlier. The plugin does not require a token or other form of validation for HTTP requests, allowing an attacker to trick a Jenkins administrator into performing unintended actions [1]. This vulnerability enables an attacker to craft a malicious request that, when executed by an authenticated user, forces the plugin to connect to an attacker-specified TCP or Unix socket URL [1][3].
Exploitation requires no authentication on the attacker's side; what it needs is a victim who is logged in as a Jenkins user with access to the plugin's configuration page. An attacker can use social engineering or other means to make that authenticated user visit a specially crafted web page, which then issues the forged request. The same request also reconfigures the plugin using the supplied connection-test parameters, affecting future build step executions [1][2].
The impact of successful exploitation is that an attacker can redirect the plugin's Docker connections to a malicious socket, potentially intercepting or modifying build processes. This can lead to further compromise of the Jenkins environment, since the plugin interacts with the Docker daemon [1].
As of the advisory publication date (2024-03-06), no fix has been released for this vulnerability. The docker-build-step Plugin is listed among unresolved security issues in the Jenkins advisory [2]. Users are advised to disable the plugin or apply strict network access controls until a patch is available.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:docker-build-step (Maven) | <= 2.11 | — |
Affected products
- Range: 0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- https://github.com/advisories/GHSA-64c5-r2h5-c2fg (GHSA advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2024-2215 (NVD advisory)
- https://www.jenkins.io/security/advisory/2024-03-06/ (vendor advisory)
- https://www.openwall.com/lists/oss-security/2024/03/06/3 (oss-security mailing list)
News mentions
- Jenkins Security Advisory 2024-03-06 (Jenkins Security Advisories, Mar 6, 2024)