Jenkins MCP Server Plugin Missing Authorization CVE-2025-XXXXX (Moderate)


The Jenkins MCP Server Plugin prior to version 0.86.v7d3355e6a contained multiple MCP tools that failed to perform the necessary permission checks. This authorization flaw allows attackers to escalate privileges by invoking specific MCP tool endpoints. For instance, the `getJobScm` tool, which retrieves a job's SCM configuration details, only checked for Item/Read and did not verify that the user held the required Item/Extended Read permission. Similarly, the `triggerBuild` tool allowed users with only Item/Read permission to start new builds, bypassing the mandatory Item/Build permission check. The `getStatus` tool leaked the names of configured clouds to users without Overall/Read permission. The vulnerability stems from incomplete permission validation within the plugin's tool implementations, allowing lower-privileged users to perform sensitive actions or access confidential data.
Platform: Jenkins Plugin
Version: < 0.86.v7d3355e6a
Vulnerability: Missing Authorization
Severity: Moderate
Date: 2024-10-29

Prediction: 2024-11-12
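The following Java class is an added illustration of the authorization pattern the advisory describes; it is not the plugin's code, and the method names, the `requireJob`/`describeScm` helpers and the tool-to-method mapping are assumptions. It uses only Jenkins core APIs (`AccessControlled.checkPermission`, `Item.READ`, `Item.EXTENDED_READ`, `Item.BUILD`, `Jenkins.READ`, `ParameterizedJobMixIn.scheduleBuild2`, `SCMTriggerItem`) to show the vulnerable Item/Read-only check for `getJobScm` beside the corrected checks for all three tools.

```java
import hudson.model.Item;
import hudson.model.Job;
import hudson.scm.SCM;
import hudson.slaves.Cloud;
import jenkins.model.Jenkins;
import jenkins.model.ParameterizedJobMixIn;
import jenkins.triggers.SCMTriggerItem;

import java.util.ArrayList;
import java.util.List;

/**
 * Illustrative MCP tool handlers (added example, not the plugin's code) showing
 * the permission each tool must enforce through Jenkins core's AccessControlled
 * API. checkPermission() throws an AccessDeniedException when the current user
 * lacks the permission; that is exactly the enforcement the advisory reports as
 * missing before 0.86.v7d3355e6a.
 */
public class McpToolAuthorizationExample {

    /** Resolve a job by full name. getItemByFullName already hides items the
     *  caller cannot Item/Read, so an Item/Read check alone is effectively all
     *  the vulnerable tools had. (Helper name is an assumption.) */
    private static Job<?, ?> requireJob(String jobName) {
        Job<?, ?> job = Jenkins.get().getItemByFullName(jobName, Job.class);
        if (job == null) {
            throw new IllegalArgumentException("No such job (or not readable): " + jobName);
        }
        return job;
    }

    /** VULNERABLE pattern: SCM configuration is returned after only Item/Read. */
    public static List<String> getJobScmVulnerable(String jobName) {
        Job<?, ?> job = requireJob(jobName);
        job.checkPermission(Item.READ);          // wrong permission for configuration data
        return describeScm(job);
    }

    /** FIXED pattern: SCM settings are part of the job configuration, so the
     *  tool must require Item/Extended Read, the permission that gates
     *  reading config.xml. The check runs against the job's own ACL, which
     *  matters under per-item authorization strategies. */
    public static List<String> getJobScmFixed(String jobName) {
        Job<?, ?> job = requireJob(jobName);
        job.checkPermission(Item.EXTENDED_READ);
        return describeScm(job);
    }

    /** FIXED pattern: scheduling a build needs Item/Build. The HTTP /build
     *  endpoint checks this itself, but ParameterizedJobMixIn.scheduleBuild2
     *  does not, so a tool that calls it directly must check first. */
    public static boolean triggerBuildFixed(String jobName) {
        Job<?, ?> job = requireJob(jobName);
        job.checkPermission(Item.BUILD);
        // Returns null when the job type cannot be scheduled this way.
        return ParameterizedJobMixIn.scheduleBuild2(job, 0) != null;
    }

    /** FIXED pattern: cloud names are instance-level data, so Overall/Read on
     *  the Jenkins root object is required before listing them. */
    public static List<String> getStatusFixed() {
        Jenkins jenkins = Jenkins.get();
        jenkins.checkPermission(Jenkins.READ);
        List<String> cloudNames = new ArrayList<>();
        for (Cloud cloud : jenkins.clouds) {
            cloudNames.add(cloud.name);
        }
        return cloudNames;
    }

    /** Summarise the job's SCMs by type and key (for Git, the repository URL)
     *  rather than dumping the whole configuration. (Helper name is an assumption.) */
    private static List<String> describeScm(Job<?, ?> job) {
        List<String> out = new ArrayList<>();
        SCMTriggerItem item = SCMTriggerItem.SCMTriggerItems.asSCMTriggerItem(job);
        if (item != null) {
            for (SCM scm : item.getSCMs()) {
                out.add(scm.getType() + ": " + scm.getKey());
            }
        }
        return out;
    }
}
```

The design point is that each check is made on the object whose ACL governs the data (the job for `getJobScm` and `triggerBuild`, the Jenkins root for `getStatus`) and is made before any work is done, so a denied caller learns nothing. In a plugin test suite this is the kind of behaviour that is verified with `JenkinsRule` plus `MockAuthorizationStrategy`: grant a test user only Item/Read and assert that the Extended Read and Build paths throw.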

What Undercode Says:

# Querying Jenkins MCP server endpoint
curl -X POST http://jenkins-host/mcp/tool \
  -H "Content-Type: application/json" \
  -d '{"tool": "getJobScm", "arguments": {"jobName": "target-job"}}'

# Triggering build without proper permissions
curl -X POST http://jenkins-host/mcp/tool \
  -H "Content-Type: application/json" \
  -d '{"tool": "triggerBuild", "arguments": {"jobName": "sensitive-job"}}'

How to Exploit:

Attackers with basic Item/Read access can send crafted JSON-RPC requests to the vulnerable MCP server endpoints. By invoking `getJobScm`, they exfiltrate sensitive SCM configuration details such as repository URLs and credentials. Using `triggerBuild`, they can start job builds without the Item/Build permission, potentially disrupting CI/CD pipelines or executing code. The `getStatus` tool can be queried by any unauthenticated user to map the Jenkins infrastructure by listing cloud names.

Protection from this CVE

Upgrade the plugin to version 0.86.v7d3355e6a. Restrict network access to Jenkins instances through segmentation. Apply the principle of least privilege by regularly auditing user permissions. Use security plugins to monitor for anomalous MCP tool usage.

Impact:

Unauthorized access to job SCM details. Unauthorized build triggering. Information disclosure of cloud configuration. Potential supply chain compromise via leaked credentials.


Sources:

Reported By: github.com