Server-Side Request Forgery (SSRF)
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
GitHub Branch Source provides a list of applicable credential IDs so that users configuring a job can select the one they want to use. This functionality did not check permissions, allowing any user with Overall/Read permission to obtain a list of valid credential IDs. Those IDs could then be used as part of an attack that captures the credentials through another vulnerability.
GitHub Branch Source Plugin connects to a user-specified GitHub API URL as part of form validation and completion. This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to make Jenkins connect to any web server and send the credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require that POST requests be used, thereby allowing the above to be performed without direct access to Jenkins …
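The two gaps described above (credential IDs listed without a permission check, and a URL-connecting form validation reachable with a GET by any reader) correspond to the usual Jenkins form-handler hardening: check Item/Configure (or Overall/Administer outside an item) before listing or connecting, and restrict connecting validators to POST. The descriptor below is an added illustration of that pattern, not the plugin's own code; the class name `ExampleSourceDescriptor` and the bounded URL probe standing in for the real GitHub API client are assumptions.

```java
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;

/** Hypothetical descriptor showing the hardened form-handler pattern (assumed name). */
public class ExampleSourceDescriptor {

    /** Credential IDs are listed only to users who may configure the item. */
    public StandardListBoxModel doFillCredentialsIdItems(@AncestorInPath Item context,
                                                         @QueryParameter String credentialsId) {
        StandardListBoxModel result = new StandardListBoxModel();
        boolean allowed = context == null
                ? Jenkins.get().hasPermission(Jenkins.ADMINISTER)
                : context.hasPermission(Item.CONFIGURE);
        if (!allowed) {
            // Overall/Read is not enough to enumerate IDs: echo back only the current value.
            return result.includeCurrentValue(credentialsId);
        }
        return result.includeEmptyValue()
                .includeAs(ACL.SYSTEM, context, StandardUsernamePasswordCredentials.class)
                .includeCurrentValue(credentialsId);
    }

    /** A validator that contacts a user-supplied URL: POST only, permission checked first,
     *  so neither a crafted GET link nor a read-only user can make Jenkins connect out. */
    @POST
    public FormValidation doCheckApiUri(@AncestorInPath Item context, @QueryParameter String apiUri) {
        if (context == null) Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        else context.checkPermission(Item.CONFIGURE);
        try { // assumed bounded probe standing in for the real GitHub API client call
            URLConnection c = new URL(apiUri).openConnection();
            c.setConnectTimeout(5000);
            c.connect();
            return FormValidation.ok("Connected");
        } catch (IOException e) {
            return FormValidation.error("Could not connect: " + e.getMessage());
        }
    }
}
```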