CVE-2019-16548 in Google Compute Engine Plugin
Summary
by MITRE
A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 11/22/2019
This cross-site request forgery vulnerability exists within the Jenkins Google Compute Engine Plugin version 4.1.1 and earlier, specifically affecting the ComputeEngineCloud#doProvision method. The flaw allows authenticated attackers to manipulate the plugin's provisioning functionality through maliciously crafted requests. The vulnerability stems from the absence of proper anti-CSRF token validation in the affected endpoint, enabling unauthorized agent provisioning operations. Attackers could leverage this weakness to create new compute instances within the target Google Cloud environment without proper authorization, potentially leading to resource exhaustion and unauthorized cloud compute usage.
The technical implementation of this vulnerability involves the lack of CSRF protection mechanisms in the doProvision method which handles agent provisioning requests. When Jenkins processes provisioning requests through the Google Compute Engine plugin, it fails to validate that requests originate from legitimate sources within the same session. This omission creates a path for attackers who can craft malicious HTTP requests that appear to come from authenticated users. The vulnerability specifically impacts the plugin's ability to authenticate and authorize provisioning operations, allowing remote attackers to execute unauthorized compute instance creation commands against the configured Google Cloud project. The flaw directly violates the principle of least privilege and proper access control enforcement.
The operational impact of this vulnerability extends beyond simple unauthorized provisioning activities. An attacker who successfully exploits this CSRF vulnerability can potentially consume significant cloud computing resources, leading to unexpected billing charges and resource depletion. The unauthorized creation of compute instances could also serve as a foothold for further attacks, allowing threat actors to establish persistent infrastructure within the target environment. Additionally, this vulnerability compromises the integrity of the Jenkins environment's cloud integration, potentially exposing sensitive data or enabling lateral movement within the cloud infrastructure. The impact is particularly severe for organizations that rely heavily on automated provisioning and continuous integration workflows.
Organizations should immediately upgrade to Jenkins Google Compute Engine Plugin version 4.1.2 or later, which includes the necessary CSRF protection mechanisms. The fix typically involves implementing proper anti-CSRF token validation in the affected endpoint, ensuring that all provisioning requests contain valid session tokens. System administrators should also review and tighten access controls for Jenkins instances, particularly those with cloud integration capabilities. Monitoring for unauthorized provisioning activities and implementing network-level controls to restrict access to the affected plugin endpoints can provide additional defense layers. This vulnerability aligns with CWE-352, which specifically addresses Cross-Site Request Forgery weaknesses, and relates to ATT&CK technique T1059.001 for executing malicious code through compromised Jenkins environments. Regular security assessments of Jenkins plugins and automated vulnerability scanning should be implemented to prevent similar issues from arising in the future.