CVE-2018-8718 PoC — CloudBees Jenkins Mailer Plugin Cross-Site Request Forgery Vulnerability

Associated Vulnerability
Title: CloudBees Jenkins Mailer Plugin Cross-Site Request Forgery Vulnerability (CVE-2018-8718)
Description: Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
Description
POC of CVE-2018-8718 + tool
Readme
###################################################

#Exploit Title : [Jenkins] mailer plugin CSRF Vulnerability - Send CSRF MAIL

#Date : [2018/06/05]

#Exploit Author : [Yeom Geun Cheol]

#Vendor Homepage : [https://jenkins.io/]

#Software Link : [https://updates.jenkins.io/download/plugins/mailer/1.20/mailer.hpi]

#Version: [Below Version 1.20 (1.1 ~ 1.20) ]

#Tested on : [Linux , Windows]

#CVE : [CVE-2018-8718]

###################################################

File Snapshot

[4.0K] /data/pocs/69d8c7954706ebca0c6cb9a046441e0f57211197
├── [7.1K] CVE–2018-8718.py
└── [ 504] README.md

0 directories, 2 files