CVE-2023-37949

7.1 HIGH

📋 TL;DR

This vulnerability in the Jenkins Orka by MacStadium Plugin allows attackers with Overall/Read permission to make Jenkins connect to an attacker-controlled URL using credential IDs obtained through other means, potentially exposing the corresponding Jenkins credentials to that URL. It affects Jenkins instances running Orka plugin version 1.33 and earlier. Attackers need some level of access but can escalate it to credential theft.

💻 Affected Systems

Products:
  • Jenkins Orka by MacStadium Plugin
Versions: 1.33 and earlier
Operating Systems: All platforms running Jenkins
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Jenkins with the Orka plugin installed and users with Overall/Read permission.

📦 What is this software?

The Orka by MacStadium Plugin integrates Jenkins with MacStadium's Orka macOS virtualization platform so that Jenkins can provision build agents on Orka-hosted macOS virtual machines.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of Jenkins credentials leading to lateral movement, data exfiltration, and potential infrastructure takeover.

🟠 Likely Case: Credential theft from the Jenkins credential store, enabling further attacks on connected systems and services.

🟢 If Mitigated: Limited impact, because proper access controls and network segmentation prevent credential exfiltration.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the attacker to have Overall/Read permission and to know credential IDs obtained through other means.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.34 or later

Vendor Advisory: https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3128

Restart Required: Yes

Instructions:

1. Update Jenkins Orka plugin to version 1.34 or later via Jenkins Plugin Manager
2. Restart Jenkins service
3. Verify plugin version in Manage Jenkins > Manage Plugins

🔧 Temporary Workarounds

Remove Overall/Read permission from untrusted users (applies to: all versions)

Restrict Overall/Read permission to trusted administrators only.

Disable the Orka plugin (applies to: all versions)

Temporarily disable the vulnerable plugin if it is not required:

Manage Jenkins > Manage Plugins > Installed > Orka by MacStadium > Disable

🧯 If You Can't Patch

  • Implement strict access controls limiting Overall/Read permission to essential personnel only
  • Monitor Jenkins logs for suspicious credential access attempts and network connections to external URLs

🔍 How to Verify

Check if Vulnerable:

Check Jenkins plugin version: Manage Jenkins > Manage Plugins > Installed > Orka by MacStadium

Check Version:

Check Jenkins web interface or plugin manifest file

Verify Fix Applied:

Verify plugin version is 1.34 or higher in Manage Jenkins > Manage Plugins
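The version check above can be scripted against the plugin list that Jenkins exposes at `/pluginManager/api/json?depth=1`. The following is an added example, not code from the plugin or from Jenkins; it assumes the API's `longName`, `version`, `active` and `enabled` fields and uses a constructed sample payload rather than a live instance.

```python
"""Flag a vulnerable Orka by MacStadium plugin (CVE-2023-37949, fixed in 1.34)
from the JSON returned by Jenkins' /pluginManager/api/json?depth=1.
Added example; not vendor code."""
import json
import re

FIXED_VERSION = "1.34"              # from the advisory: 1.34 or later is fixed
PLUGIN_LONG_NAME = "orka by macstadium"  # matched case-insensitively


def parse_version(v: str) -> tuple:
    """Turn '1.33', '1.35.2' or '1.34-rc1' into a tuple of ints for comparison.
    Trailing qualifiers such as '-rc1' are dropped, so a pre-release of 1.34
    compares equal to 1.34; review such versions by hand."""
    m = re.match(r"[\d.]+", v.strip())
    return tuple(int(p) for p in m.group(0).split(".") if p) if m else ()


def orka_status(plugin_manager_json: dict) -> dict:
    """Report whether the Orka plugin is installed, its version, whether it is
    enabled, and whether the instance is exposed (vulnerable AND enabled)."""
    for p in plugin_manager_json.get("plugins", []):
        if PLUGIN_LONG_NAME in p.get("longName", "").lower():
            version = p.get("version", "")
            # A disabled plugin (the documented workaround) does not load.
            enabled = bool(p.get("enabled", True)) and bool(p.get("active", True))
            # An empty/unparseable version yields () and is treated as vulnerable.
            vulnerable = parse_version(version) < parse_version(FIXED_VERSION)
            return {"installed": True, "version": version, "enabled": enabled,
                    "vulnerable": vulnerable, "exposed": vulnerable and enabled}
    return {"installed": False, "version": None, "enabled": False,
            "vulnerable": False, "exposed": False}


# Constructed sample resembling the plugin manager API output (not real data;
# the shortName value is a placeholder, not the plugin's real identifier).
SAMPLE = json.loads("""{"plugins": [
  {"shortName": "git", "longName": "Git plugin", "version": "5.0.0",
   "active": true, "enabled": true},
  {"shortName": "PLACEHOLDER-orka-short-name", "longName": "Orka by MacStadium",
   "version": "1.33", "active": true, "enabled": true}
]}""")

if __name__ == "__main__":
    print(orka_status(SAMPLE))  # the sample is exposed: 1.33 and enabled
```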

📡 Detection & Monitoring

Log Indicators:

  • Unusual credential access patterns
  • Connections to unexpected external URLs from Jenkins
  • Failed permission checks in Orka plugin logs

Network Indicators:

  • Outbound connections from Jenkins to unfamiliar domains/IPs
  • Unusual credential store access patterns

SIEM Query:

source="jenkins" AND (plugin="orka" OR credential_access OR url_connection)

🔗 References

  • Vendor advisory: https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3128