Description	Shortcut
Open this window	`?`
Open the "+ New" dropdown	`c`
Go to personal dashboard	`d`
Open the "Switch to..." modal	`/` / `s`

Description	Shortcut
Focus first sidebar service	`shift + g`
Go to Test Management	`g + e`
Go to Trackers	`g + t`
Go to Git	`g + i`
Go to Documents	`g + d`
Go to Backlog	`g + b`
Go to Kanban	`g + k`

request #31929 XSS via the triggered job URL of a Jenkins job

Infos

Artifact ID#31929

Submitted byThomas Gerbet (tgerbet)

Last Modified On2023-05-29 08:11

Submitted on2023-05-05 15:03

Rank33556

Details

Summary *

XSS via the triggered job URL of a Jenkins job

Original Submission

The logs of the triggered Jenkins job URLs are not properly escaped.

Impact

A malicious Git administrators can setup a malicious Jenkins hook to make a victim (also a Git administrator) execute uncontrolled code.
CVSSv3.1 score: 4.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)

Exploitation

Go to a Git repository and setup a Jenkins hook. The hook must target a malicious endpoint and respond with a 200 HTTP status code and a header Triggered set to something like javascript:alert(1)
Push some content to the repository
Open the logs of the hook and click on the link

References

CWE 79
OWASP Cross-site Scripting
CVE-2023-32072

CategoryContinuous Integration

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toYannis ROSSETTO (rossettoy)

StatusClosed

Close date2023-05-09

Attachments

Connected artifacts

Artifact links

By type:
Fixed in
Trackers:
Releases

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #31538	Tuleap	Releases	14.9	Delivered	2023-05-24 15:53	Manuel Vacelet (vaceletm)

Reverse artifact links

By type:
Trackers:

Empty

AttachmentsEmpty

References

Cross references

Show items referenced by request #31929

Referenced by request #31929

Artifact Tracker v5

rel #31538 14.9

Other

gerrit #31923

gerrit #28522

Follow-ups

Nicolas Terray (nterray)

2 years ago

Public disclosure.

Thomas Gerbet (tgerbet)

2 years ago

CVE-2023-32072 has been assigned to this issue.

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes

Thomas Gerbet (tgerbet)

2 years ago

gerrit #28522 integrated into Tuleap 14.8.99.60

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes
Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #31538
Close date set to 2023-05-09