
Vulnrichment
added 2023/09/20 4:06 p.m.

CVE-2023-43498

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller...

AI score 6.6 · EPSS 0.00141
Exploits 0 · References 2
Github Security Blog
added 2023/09/06 3:30 p.m.

Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...

CVSS 6.5 · AI score 6.7 · EPSS 0.00083
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2023/08/16 12:00 a.m.

PT-2023-27396 · Jenkins · Jenkins Folders Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Folders Plugin versions 6.846.v23698686f0f6 and earlier Description: The issue concerns the Jenkins Folders Plugin, which displays an error message including the absolute path of a log file when attempting to access the Scan...

CVSS 4.3 · AI score 4.5 · EPSS 0.00139
Exploits 0 · References 10
Github Security Blog
added 2023/07/12 6:30 p.m.

Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery

Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...

CVSS 8.8 · AI score 6.6 · EPSS 0.00239
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/06/19 9:15 p.m.

CVE-2023-3315

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 1
RedHat Linux
added 2023/06/19 10:15 a.m.

Jenkins: Temporary file parameter created with insecure permissions

A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...

CVSS 4.4 · AI score 7.3 · EPSS 0.00066
Exploits 0 · References 5
Positive Technologies
added 2023/06/19 12:00 a.m.

PT-2023-24190 · Jenkins · Jenkins Team Concert Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Team Concert Plugin versions 2.4.1 and earlier Description: The issue is related to missing permission checks in the Jenkins Team Concert Plugin, which allows attackers with Overall/Read permission to check for the existence of an...

CVSS 4.3 · AI score 6.9 · EPSS 0.00589
Exploits 0 · References 5
OSV
added 2023/06/14 3:30 p.m.

GHSA-WHGJ-6M78-2GG9 Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...

CVSS 6.5 · AI score 6.5 · EPSS 0.00562
Exploits 0 · References 3
OSV
added 2023/05/16 4:15 p.m.

CVE-2023-32979

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system...

CVSS 4.3 · AI score 6.8
Exploits 0 · References 1
Prion
added 2023/05/16 4:15 p.m.

Design/Logic Flaw

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system...

CVSS 4 · AI score 4.7 · EPSS 0.00082
Exploits 0 · References 1 · Affected Software 1
AlpineLinux
added 2023/05/16 4:00 p.m.

CVE-2023-32986

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...

CVSS 8.8 · AI score 7 · EPSS 0.02532
Exploits 0 · References 1
OSV
added 2023/04/12 6:30 p.m.

GHSA-96C7-FQXV-RMV7 Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...

CVSS 4.3 · AI score 4.8 · EPSS 0.00181
Exploits 0 · References 3
RedHat Linux
added 2023/04/12 12:02 p.m.

Jenkins: Temporary file parameter created with insecure permissions

A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...

CVSS 4.4 · AI score 7.3 · EPSS 0.00066
Exploits 0 · References 5
OSV
added 2023/01/26 9:30 p.m.

GHSA-4X65-4FJX-R7M6 Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...

CVSS 5.5 · AI score 5.8 · EPSS 0.00049
Exploits 0 · References 2
OSV
added 2023/01/26 9:18 p.m.

CVE-2023-24449

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3 · AI score 4.5
Exploits 0 · References 1
Prion
added 2023/01/26 9:18 p.m.

Design/Logic Flaw

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4 · AI score 4.4 · EPSS 0.00661
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/01/26 12:00 a.m.

Jenkins Plugin PWauth Security Realm path traversal vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3 · AI score 5.2 · EPSS 0.00661
Exploits 0 · References 2
OSV
added 2022/11/16 12:00 p.m.

GHSA-9PQQ-H9QV-28FP Jenkins Config Rotator Plugin vulnerable to path traversal

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. Currently there is no known workaround and no fix available...

CVSS 7.5 · AI score 7.6 · EPSS 0.00239
Exploits 0 · References 4
OSV
added 2022/11/15 8:15 p.m.

CVE-2022-45388

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system...

CVSS 7.5 · AI score 5.9 · EPSS 0.00239
Exploits 0 · References 2
OSV
added 2022/10/19 7:00 p.m.

GHSA-7FVJ-G3WP-29G8 Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...

CVSS 7.5 · AI score 7.6 · EPSS 0.00659
Exploits 0 · References 3