Jenkins TraceTronic ECU-TEST Plugin Server Side Request Forgery Security Bypass Vulnerability

Bugtraq ID:	104960
Class:	Input Validation Error
CVE:	CVE-2018-1999026
Remote:	Yes
Local:	No
Published:	Jul 30 2018 12:00AM
Updated:	Jul 30 2018 12:00AM
Credit:	Viktor Gazdag
Vulnerable:	Jenkins-Ci TraceTronic ECU-TEST Plugin 2.3
Not Vulnerable:	Jenkins-Ci TraceTronic ECU-TEST Plugin 2.4

Jenkins TraceTronic ECU-TEST Plugin Server Side Request Forgery Security Bypass Vulnerability

TraceTronic ECU-TEST Plugin for Jenkins is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.

TraceTronic ECU-TEST Plugin version 2.3 and prior versions are vulnerable.

Jenkins TraceTronic ECU-TEST Plugin Server Side Request Forgery Security Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Jenkins TraceTronic ECU-TEST Plugin Server Side Request Forgery Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Jenkins TraceTronic ECU-TEST Plugin Server Side Request Forgery Security Bypass Vulnerability

References:

• Jenkins CI Homepage (Jenkins CI)
  
• Jenkins Security Advisory 2018-07-30 (Jenkins-Ci)