CVE-2018-8718 PoC — CloudBees Jenkins Mailer Plugin Cross-Site Request Forgery Vulnerability

Source
Associated Vulnerability
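Title: CloudBees Jenkins Mailer Plugin Cross-Site Request Forgery Vulnerability (CVE-2018-8718)
Description: CloudBees Jenkins (formerly Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees, used mainly to monitor continuous, repetitive work. Mailer Plugin is an e-mail plugin used with it. Mailer Plugin version 1.20 in CloudBees Jenkins version 2.111 contains a cross-site request forgery vulnerability. A remote attacker can exploit it by sending a /descriptorByName/hudson.tasks.Mailer/sendTestMail request, which sends unauthorized e-mail as an arbitrary user.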
Description
POC of CVE-2018-8718 + tool
Readme
###################################################

#Exploit Title : [Jenkins] mailer plugin CSRF Vulnerability - Send CSRF MAIL

#Date : [2018/06/05]

#Exploit Author : [Yeom Geun Cheol]

#Vendor Homepage : [https://jenkins.io/]

#Software Link : [https://updates.jenkins.io/download/plugins/mailer/1.20/mailer.hpi]

#Version: [Below Version 1.20 (1.1 ~ 1.20) ]

#Tested on : [Linux , Windows]

#CVE : [CVE-2018-8718]

###################################################

File Snapshot

[4.0K] /data/pocs/69d8c7954706ebca0c6cb9a046441e0f57211197
├── [7.1K] CVE–2018-8718.py
└── [ 504] README.md

0 directories, 2 files