Security context
LowGHSA-pv88-j6rg-r56p CVE-2014-2068Published May 17, 2022

Jenkins allows attackers to obtain sensitive information

Research this vulnerability

Research is free — Hunters explains how the bug works, the root-cause code pattern, how the fix addresses it, and how to test whether a target is affected, in chat. Investigate & write exploit is a paid run — the engine reads the advisory and fix commits, then builds and validates a working proof-of-concept exploit with reproduction steps.

Affected versions

1.533 → fixed in 1.5510 → fixed in 1.532.2

Details

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.

The fix

[FIXED SECURITY-73] Require RUN_SCRIPTS for /heapDump.

Jesse Glick· Feb 7, 2014, 05:40 PM+110530a6645a
core/src/main/java/hudson/util/RemotingDiagnostics.java+1 1
@@ -202,7 +202,7 @@ public void doIndex(StaplerResponse rsp) throws IOException {
@WebMethod(name="heapdump.hprof")
public void doHeapDump(StaplerRequest req, StaplerResponse rsp) throws IOException, InterruptedException {
- owner.checkPermission(Jenkins.ADMINISTER);
+ owner.checkPermission(Jenkins.RUN_SCRIPTS);
rsp.setContentType("application/octet-stream");
FilePath dump = obtain();

References