CVE-2022-41232 in Build-Publisher Plugin

Summary

by MITRE • 09/21/2022

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.


Analysis

by VulDB Data Team • 05/28/2025

This cross-site request forgery vulnerability affects Jenkins Build-Publisher Plugin version 1.22 and earlier. The plugin exposes an HTTP endpoint that writes a config.xml file whose location is derived from a caller-supplied file name. Because the endpoint does not require a POST request, it is outside the scope of Jenkins' crumb-based CSRF protection, so a request that an administrator's browser is tricked into sending is processed as that administrator's request. Combined with the unconstrained file name, a single crafted request can replace any config.xml on the controller file system (the global $JENKINS_HOME/config.xml, a job's config.xml or a user's config.xml) with an empty file. The issue is classified as CWE-352 (Cross-Site Request Forgery) and is a significant, though not by itself critical, weakness in the Jenkins controller's integrity protections.

The attacker does not need Jenkins credentials of their own. They host a page, or send a link to one, that makes the victim's browser issue the crafted request, for example through an image tag or an auto-submitted form; the browser attaches the victim's Jenkins session cookie automatically. Because the endpoint neither restricts the HTTP method nor performs an adequate permission check before writing, the controller acts with the victim's authority and truncates the named config.xml to zero bytes. The file name is the only attacker-controlled input, and since it is not confined to a fixed directory it can point at any config.xml under JENKINS_HOME: the controller's own configuration, a job definition or a user record. The result is a loss of integrity and availability rather than disclosure, and no exploit code beyond a single HTTP request is required.

The operational impact depends on which file is targeted. An emptied global config.xml removes the controller's saved settings, including the security realm, the authorization strategy, views and other global options; an emptied jobs/<name>/config.xml destroys that job's definition; an emptied users/<name>/config.xml destroys that user's record. Build history is stored in the builds/ directories rather than in config.xml, so it is not erased directly, but the jobs that reference it are. In practice this means immediate disruption of continuous integration and deployment pipelines until the affected files are restored from backup, and the controller may need a restart and manual repair before it loads cleanly. Because the security configuration itself is among the files that can be wiped, a successful attack should be treated as a potential step toward broader compromise of build artifacts and repository credentials, not merely as vandalism.

Mitigation starts with upgrading Build-Publisher Plugin to a release later than 1.22 that the Jenkins security advisory lists as fixed; if no fixed release is available for your installation, disable or uninstall the plugin and keep Jenkins' built-in CSRF protection enabled. For plugin developers the fix pattern is well established: annotate state-changing Stapler endpoints with @RequirePOST so the crumb check applies, call checkPermission for the appropriate permission before acting, and resolve caller-supplied names against a fixed base directory, rejecting any path that normalizes outside it. Validating the file name matters here because the endpoint writes files; output encoding is not relevant to this issue. Operationally, restrict network access to the controller's HTTP interface, monitor JENKINS_HOME for unexpected zero-length or modified config.xml files, and keep tested backups so configuration can be restored quickly. In ATT&CK terms the delivery of a CSRF payload to a victim corresponds to T1566.002 (Phishing: Spearphishing Link); T1484.001 is Group Policy Modification and does not describe this issue.
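The endpoint shape described in the analysis, shown as a vulnerable Stapler handler beside its hardened form. This is illustrative code written for this page, not the Build-Publisher Plugin's source: the action class, its URL (example-publisher), the storeVulnerable/store method names and the name/body parameters are all hypothetical. What it demonstrates is why a GET-reachable handler bypasses Jenkins' crumb check, why a missing permission check lets any logged-in victim's session be abused, and how a concatenated file name escapes the intended directory; the hardened handler applies the three fixes listed above.

```java
// Illustrative Jenkins plugin code written for this page. It is NOT the
// Build-Publisher Plugin's source and does not reproduce its real endpoint;
// the action name, URL and parameter names below are hypothetical.
package example.publisher;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

import hudson.Extension;
import hudson.model.RootAction;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;

/** Registered at <jenkins-url>/example-publisher/ (hypothetical URL). */
@Extension
public class ExamplePublisherAction implements RootAction {

    @Override public String getIconFileName() { return null; } // no sidebar link
    @Override public String getDisplayName() { return null; }
    @Override public String getUrlName() { return "example-publisher"; }

    /** Directory this endpoint is supposed to write into: $JENKINS_HOME/example-publisher. */
    private static Path baseDir() {
        return new File(Jenkins.get().getRootDir(), "example-publisher").toPath();
    }

    /**
     * VULNERABLE shape, matching the advisory's description:
     *  - any HTTP method is accepted, so a GET fired from an attacker's page
     *    (e.g. <img src=".../example-publisher/storeVulnerable?name=...">)
     *    runs with the victim's session; Jenkins' crumb check only guards POST;
     *  - no permission check, so any logged-in victim's session suffices;
     *  - the name is concatenated into a path, so "../../config.xml" escapes
     *    the base directory, and an absent body truncates that file to 0 bytes.
     */
    public void doStoreVulnerable(@QueryParameter String name,
                                  @QueryParameter String body,
                                  StaplerResponse rsp) throws IOException {
        File target = new File(baseDir().toFile(), name);
        Files.createDirectories(target.getParentFile().toPath());
        Files.write(target.toPath(),
                    (body == null ? "" : body).getBytes(StandardCharsets.UTF_8));
        rsp.setStatus(StaplerResponse.SC_OK);
    }

    /**
     * HARDENED version: POST-only (so the crumb is enforced), an explicit
     * permission check, and the resolved path must stay inside the base directory.
     */
    @RequirePOST
    public void doStore(@QueryParameter String name,
                        @QueryParameter String body,
                        StaplerResponse rsp) throws IOException {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER); // throws AccessDeniedException otherwise
        Path target = safeResolve(baseDir(), name);
        if (body == null || body.isEmpty()) {
            rsp.sendError(StaplerResponse.SC_BAD_REQUEST, "empty body refused");
            return;
        }
        Files.createDirectories(target.getParent());
        Files.write(target, body.getBytes(StandardCharsets.UTF_8));
        rsp.setStatus(StaplerResponse.SC_OK);
    }

    /**
     * Confines a caller-supplied name to baseDir. normalize() collapses ".."
     * segments; the startsWith check then rejects anything that still escapes.
     * An absolute name such as "/var/lib/jenkins/config.xml" never resolves
     * under baseDir, so it is rejected too. Package-private so it can be
     * unit-tested without a running Jenkins instance.
     */
    static Path safeResolve(Path baseDir, String name) throws IOException {
        if (name == null || name.isEmpty()) {
            throw new IOException("missing name");
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path resolved = base.resolve(name).normalize();
        if (!resolved.startsWith(base) || resolved.equals(base)) {
            throw new IOException("name escapes the publisher directory: " + name);
        }
        return resolved;
    }
}
```

Two caveats a reviewer would raise: safeResolve operates on the lexical path only, so a symbolic link already present under the base directory could still point elsewhere (resolve the existing parent with toRealPath() if that matters in your deployment), and @RequirePOST closes the CSRF hole only because Jenkins' crumb filter is enabled; if an administrator has disabled CSRF protection, the permission check is the remaining line of defence.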

Reservation

09/21/2022

Disclosure

09/21/2022

Moderation

accepted

CPE

ready

EPSS

0.00447

KEV

no

Activities

very low
