CVE-2022-29050
📋 TL;DR
This CSRF vulnerability in Jenkins Publish Over FTP Plugin allows attackers to trick authenticated users into connecting to attacker-controlled FTP servers using attacker-specified credentials. It affects Jenkins instances with the vulnerable plugin installed. Attackers could potentially exfiltrate data or use the FTP connection for further attacks.
💻 Affected Systems
- Jenkins Publish Over FTP Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could exfiltrate sensitive data from Jenkins servers, use the FTP connection to deploy malware, or pivot to internal network resources via the FTP connection.
Likely Case
Attackers could steal credentials or sensitive files by redirecting FTP connections to malicious servers, potentially leading to data breaches.
If Mitigated
With proper CSRF protections and network segmentation, impact is limited to potential credential exposure without broader system compromise.
🎯 Exploit Status
Exploitation requires tricking an authenticated user into visiting a malicious webpage. CSRF attacks are well-understood and easy to weaponize.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.17 or later
Vendor Advisory: https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2321
Restart Required: Yes
Instructions:
1. Update Jenkins Publish Over FTP Plugin to version 1.17 or later via Jenkins Plugin Manager.
2. Restart Jenkins to apply the update.
3. Verify the plugin version in Manage Jenkins > Manage Plugins > Installed tab.
🔧 Temporary Workarounds
Disable FTP Plugin
Temporarily disable the vulnerable plugin if immediate patching is not possible.
java -jar jenkins-cli.jar -s http://jenkins-server:8080/ disable-plugin publish-over-ftp
Implement CSRF Protection
Ensure Jenkins CSRF protection is enabled and properly configured.
In Jenkins > Configure Global Security, confirm that "Prevent Cross Site Request Forgery exploits" is enabled.
🧯 If You Can't Patch
- Network segmentation: Restrict FTP connections to trusted servers only
- User awareness: Train users to avoid clicking suspicious links while authenticated
🔍 How to Verify
Check if Vulnerable:
Check plugin version in Jenkins > Manage Jenkins > Manage Plugins > Installed tab. If Publish Over FTP Plugin version is 1.16 or earlier, you are vulnerable.
Check Version:
java -jar jenkins-cli.jar -s http://jenkins-server:8080/ list-plugins | grep publish-over-ftp
Verify Fix Applied:
Verify plugin version is 1.17 or later in Manage Plugins. Test FTP functionality to ensure it still works properly.
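The version check above can be automated. The script below is an added example, not part of this advisory: it takes the text that `list-plugins` prints, extracts the Publish Over FTP version, and compares it numerically against the fixed version 1.17 (a plain string comparison would wrongly treat 1.9 as newer than 1.17). The sample listings are constructed, and the listing layout (short name, display name, version, optional available update in parentheses) is an assumption about jenkins-cli's output format.

```shell
#!/bin/sh
# Added example (not from the advisory): flag a vulnerable Publish Over FTP
# plugin version from jenkins-cli `list-plugins` output.

PLUGIN="publish-over-ftp"
FIXED_VERSION="1.17"      # first fixed release named in the advisory

# version_lt A B: exit 0 if version A is older than version B.
# Compares dot-separated components numerically; a trailing non-numeric
# suffix such as "-SNAPSHOT" on a component is ignored.
version_lt() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    [ "$ai" = "$a" ] && a="" || a="${a#*.}"
    [ "$bi" = "$b" ] && b="" || b="${b#*.}"
    ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"   # strip "-SNAPSHOT" and the like
    ai="${ai:-0}"; bi="${bi:-0}"               # missing component counts as 0
    if [ "$ai" -lt "$bi" ]; then return 0; fi
    if [ "$ai" -gt "$bi" ]; then return 1; fi
  done
  return 1   # equal
}

# plugin_version_from_listing LISTING: print the installed version of $PLUGIN,
# or nothing if the plugin is not in the listing. The version is taken as the
# first dotted-number field after the short name, so an "(1.17)" update hint
# at the end of the line is not mistaken for the installed version.
plugin_version_from_listing() {
  printf '%s\n' "$1" | awk -v p="$PLUGIN" '
    $1 == p {
      for (i = 2; i <= NF; i++) if ($i ~ /^[0-9]+\.[0-9]+/) { print $i; exit }
    }'
}

# check_plugin LISTING: print a one-line status; exit 1 when vulnerable so the
# call can fail a CI or compliance job.
check_plugin() {
  v=$(plugin_version_from_listing "$1")
  if [ -z "$v" ]; then
    echo "not-installed: $PLUGIN"
    return 0
  fi
  if version_lt "$v" "$FIXED_VERSION"; then
    echo "vulnerable: $PLUGIN $v is older than $FIXED_VERSION"
    return 1
  fi
  echo "fixed: $PLUGIN $v"
  return 0
}

# Constructed sample listings (assumed jenkins-cli layout, not captured output).
SAMPLE_VULNERABLE='git                 Git plugin           4.11.0
publish-over-ftp    Publish Over FTP     1.16 (1.17)
workflow-aggregator Pipeline             2.6'
SAMPLE_FIXED='publish-over-ftp    Publish Over FTP     1.17.1'
SAMPLE_ABSENT='git                 Git plugin           4.11.0'

# Against a live controller, feed the real listing instead:
#   check_plugin "$(java -jar jenkins-cli.jar -s http://jenkins-server:8080/ list-plugins)"
for sample in "$SAMPLE_VULNERABLE" "$SAMPLE_FIXED" "$SAMPLE_ABSENT"; do
  check_plugin "$sample" || :   # non-zero status marks "vulnerable"; ignored in this demo
done
```

`version_lt` is written with POSIX parameter expansion rather than `sort -V` so it runs unchanged on minimal images and BSD-derived shells where GNU sort is absent.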
📡 Detection & Monitoring
Log Indicators:
- Unexpected FTP connection attempts from Jenkins
- Failed authentication attempts to FTP servers
- Plugin update/installation logs
Network Indicators:
- Outbound FTP connections to unknown/unexpected destinations
- Unusual FTP traffic patterns from Jenkins server
SIEM Query:
source="jenkins.log" AND ("publish-over-ftp" OR "FTP connection") AND (error OR failed OR unauthorized)
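Where no SIEM is in place, the same query logic can be run over a copy of the Jenkins log with a portable shell filter. The script below is an added example, not part of the advisory: it reproduces the query's two conditions (an FTP-plugin or FTP-connection mention, plus an error, failed or unauthorized keyword) with case-insensitive matching, prints each hit to stderr and returns the hit count. The log lines are constructed for the example and do not reproduce real Jenkins log formatting.

```shell
#!/bin/sh
# Added example (not from the advisory): apply the SIEM query
#   ("publish-over-ftp" OR "FTP connection") AND (error OR failed OR unauthorized)
# to plain log text.

# match_ftp_indicator LINE: exit 0 if the line satisfies both query groups.
match_ftp_indicator() {
  line=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')   # case-insensitive match
  case "$line" in
    *publish-over-ftp*|*"ftp connection"*) ;;   # first group: FTP-related
    *) return 1 ;;
  esac
  case "$line" in
    *error*|*failed*|*unauthorized*) return 0 ;;   # second group: failure keywords
    *) return 1 ;;
  esac
}

# count_ftp_indicators LOGTEXT: print matching lines to stderr with an ALERT
# prefix and print the number of matches to stdout. A here-document is used
# instead of a pipe so the counter survives the loop (no subshell).
count_ftp_indicators() {
  n=0
  while IFS= read -r line; do
    if match_ftp_indicator "$line"; then
      n=$((n + 1))
      printf 'ALERT: %s\n' "$line" >&2
    fi
  done <<EOF
$1
EOF
  echo "$n"
}

# Constructed sample log text (203.0.113.5 is a documentation address).
SAMPLE_LOG='2022-04-13 10:01:02 INFO  Publish over FTP: transfer to ftp.build.example completed
2022-04-13 10:01:05 WARN  publish-over-ftp: FTP connection to 203.0.113.5 failed: login incorrect
2022-04-13 10:02:11 ERROR git fetch failed for origin, retrying
2022-04-13 10:03:40 ERROR publish-over-ftp: transfer rejected by server
2022-04-13 10:04:02 INFO  FTP connection to ftp.build.example established'

# Against a real log file:  count_ftp_indicators "$(cat /var/log/jenkins/jenkins.log)"
hits=$(count_ftp_indicators "$SAMPLE_LOG")
echo "matching lines: $hits"
```

Lines 2 and 4 of the sample match; line 1 names the plugin in prose rather than by its short name, line 3 is a Git failure, and line 5 is a successful connection, so none of those should raise an alert. Tune the first group's keywords to what your Jenkins version actually logs before relying on the count.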