RELEASED: Public: 2020-03-09
CloudBees Internal Ticket: [CTR-1098]
Single sign-on (SSO) authentication to CloudBees Jenkins controllers was vulnerable to cross-site request forgery (CSRF). A malicious user could forge an authentication URL and send it to another user, potentially one with more permissions (for example, an Administrator). If the victim clicked the URL and logged in, the attacker could retrieve an authentication code and use it to log in as the victim.
Since the attack relies on forging the "from" parameter of the authentication call, the fix adds a check that the "from" parameter is the expected one and returns HTTP 400 (Bad Request) otherwise.
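The following is an added illustration of the weakness and of the kind of check described above. It is not code from the Operations Center Single Sign-On Plugin; the handler names, the sample origin and paths, and the "code" format are all constructed for the example. The vulnerable handler redirects wherever the "from" parameter points, carrying the freshly issued authentication code with it; the fixed handler only accepts the exact "from" value the server itself expects and answers 400 otherwise.

```python
"""Illustrative SSO "from" parameter check (added example, not plugin code)."""
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample values; hypothetical, not real CloudBees endpoints.
CONTROLLER_ORIGIN = "https://controller.example.com"
EXPECTED_FROM = "/sso/complete"              # value the server itself generated
ATTACKER_FROM = "https://attacker.example/collect"


def issue_auth_code(user: str) -> str:
    """Stand-in for the SSO step that hands the logged-in user a one-time code."""
    return "code-for-" + user


def sso_callback_vulnerable(params: dict, user: str) -> Tuple[int, str]:
    """Before the fix: "from" is trusted as-is.

    The victim (already authenticated as `user`) is redirected, together with
    the new code, to whatever URL the attacker placed in the forged link.
    """
    target = params.get("from", EXPECTED_FROM)
    return 302, target + "?code=" + issue_auth_code(user)


def is_expected_from(received: Optional[str], expected: str) -> bool:
    """True only if "from" is exactly the value the server expects.

    Exact comparison, not a prefix or hostname test, so a near-miss value
    crafted by an attacker cannot pass. As defence in depth the accepted
    value must also be a same-origin, path-only reference (no scheme or host,
    which also rejects protocol-relative "//host/path" forms).
    """
    if received is None or received != expected:
        return False
    parts = urlsplit(received)
    return parts.scheme == "" and parts.netloc == "" and received.startswith("/")


def sso_callback_fixed(params: dict, user: str) -> Tuple[int, str]:
    """After the fix: an unexpected "from" yields HTTP 400 and no code is issued."""
    received = params.get("from")
    if not is_expected_from(received, EXPECTED_FROM):
        return 400, "Bad Request: unexpected 'from' parameter"
    return 302, CONTROLLER_ORIGIN + received + "?code=" + issue_auth_code(user)


if __name__ == "__main__":
    forged = {"from": ATTACKER_FROM}
    print("vulnerable:", sso_callback_vulnerable(forged, "admin"))
    print("fixed     :", sso_callback_fixed(forged, "admin"))
    print("fixed, ok :", sso_callback_fixed({"from": EXPECTED_FROM}, "admin"))
```

Running the script shows the vulnerable handler leaking the administrator's code to the attacker's host, while the fixed handler refuses the forged value and only completes the flow for the expected, same-origin path.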
This only affects installations that use the Operations Center Single Sign-On Plugin.