Vulnerabilities > CVE-2019-10320 - File and Directory Information Exposure vulnerability in Jenkins Credentials

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
jenkins
CWE-538
nessus

Summary

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

Vulnerable Configurations

Part Description Count
Application
Jenkins
73

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • WSDL Scanning
    This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.

Nessus

NASL familyRed Hat Local Security Checks
NASL idREDHAT-RHSA-2019-1636.NASL
descriptionAn update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This advisory contains the jenkins-2-plugins RPM packages for Red Hat OpenShift Container Platform 4.1.4. See the following advisory for the container images for this release : https://access.redhat.com/errata/RHBA-2019:1635 Security Fix(es) : * jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (CVE-2019-10328) * jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin (CVE-2019-10320) * jenkins-plugin-token-macro: XML External Entity processing the ${XML} macro (CVE-2019-10337) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. You may download the oc tool and use it to inspect release image metadata as follows : $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.1.4 The image digest is sha256:a6c177eb007d20bb00bfd8f829e99bd40137167480112bd5ae1c25e40a4a163 a All OpenShift Container Platform 4.1 users are advised to upgrade to these updated packages and images.
last seen2020-06-01
modified2020-06-02
plugin id126489
published2019-07-05
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/126489
titleRHEL 7 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:1636)

Redhat

advisories
  • rhsa
    idRHBA-2019:1605
  • rhsa
    idRHSA-2019:1636
rpms
  • atomic-enterprise-service-catalog-1:3.11.117-1.git.1.376e432.el7
  • atomic-enterprise-service-catalog-svcat-1:3.11.117-1.git.1.376e432.el7
  • atomic-openshift-cluster-autoscaler-0:3.11.117-1.git.1.caa79fa.el7
  • atomic-openshift-descheduler-0:3.11.117-1.git.1.1635b0a.el7
  • atomic-openshift-dockerregistry-0:3.11.117-1.git.1.6a42b08.el7
  • atomic-openshift-metrics-server-0:3.11.117-1.git.1.319d58e.el7
  • atomic-openshift-node-problem-detector-0:3.11.117-1.git.1.0345fe3.el7
  • atomic-openshift-service-idler-0:3.11.117-1.git.1.887bb82.el7
  • atomic-openshift-web-console-0:3.11.117-1.git.1.be7a05c.el7
  • cri-o-0:1.11.14-1.rhaos3.11.gitd56660e.el7
  • cri-o-debuginfo-0:1.11.14-1.rhaos3.11.gitd56660e.el7
  • golang-github-openshift-oauth-proxy-0:3.11.117-1.git.1.2b006d2.el7
  • jenkins-0:2.164.2.1555422716-1.el7
  • jenkins-2-plugins-0:3.11.1559667994-1.el7
  • openshift-ansible-0:3.11.123-1.git.0.db681ba.el7
  • openshift-ansible-docs-0:3.11.123-1.git.0.db681ba.el7
  • openshift-ansible-playbooks-0:3.11.123-1.git.0.db681ba.el7
  • openshift-ansible-roles-0:3.11.123-1.git.0.db681ba.el7
  • openshift-ansible-test-0:3.11.123-1.git.0.db681ba.el7
  • openshift-enterprise-autoheal-0:3.11.117-1.git.1.ef32a58.el7
  • openshift-enterprise-cluster-capacity-0:3.11.117-1.git.1.6593fce.el7
  • prometheus-0:3.11.117-1.git.1.f52d417.el7
  • prometheus-alertmanager-0:3.11.117-1.git.1.207ef35.el7
  • prometheus-node-exporter-0:3.11.117-1.git.1.dcee33f.el7
  • jenkins-2-plugins-0:4.1.1561471763-1.el7