54 matches found

CNNVD
added 2022/10/19 12:0 a.m. · 2 views

Jenkins Compuware Topaz for Total Test Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

7.5 CVSS · 7.5 AI score · 0.006 EPSS
Exploits: 0 · References: 5

OSV
added 2022/09/21 4:15 p.m. · 3 views

CVE-2022-41235

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system...

5.3 CVSS · 5.9 AI score · 0.00563 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2022/07/28 3:41 p.m. · 12 views

CVE-2022-30313

Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are...

6.9 AI score · 0.00722 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2022/07/27 3:15 p.m. · 2 views

CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

8.8 CVSS · 5.9 AI score · 0.01424 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2022/07/27 12:0 a.m. · 2 views

PT-2022-4008 · Jenkins · Jenkins Buckminster Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Buckminster Plugin versions 1.1.1 and earlier

Description: The issue is related to insufficient authorization procedures in the Jenkins Buckminster Plugin, allowing remote attackers with Overall/Read permission to gain unauthorized...

4.3 CVSS · 4.4 AI score · 0.0047 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2022/06/30 12:0 a.m. · 3 views

PT-2022-22356 · Jenkins · Jenkins Opsgenie Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpsGenie Plugin versions 1.9 and earlier

Description: The issue concerns the transmission and storage of API keys in plain text. Specifically, API keys are transmitted in plain text as part of the global Jenkins configuration form and...

4.3 CVSS · 4.3 AI score · 0.00354 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2022/05/04 6:22 p.m. · 1 views

workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins...

6.5 CVSS · 5.8 AI score · 0.01758 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2022/04/27 7:44 a.m. · 3 views

workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controll...

6.5 CVSS · 5.8 AI score · 0.01715 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2022/04/27 7:44 a.m. · 2 views

workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins...

6.5 CVSS · 5.8 AI score · 0.01758 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2022/04/13 1:49 p.m. · 3 views

workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controll...

6.5 CVSS · 5.8 AI score · 0.01715 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2022/04/13 1:49 p.m. · 5 views

workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Groovy Plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines. This flaw allows attackers who can configure Pipelines to read arbitrary files on...

6.5 CVSS · 5.8 AI score · 0.01715 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2022/03/29 12:0 a.m. · 2 views

PT-2022-18845 · Jenkins +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Continuous Integration with Toad Edge Plugin versions 2.3 and earlier

Description: The issue allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkin...

6.5 CVSS · 6.2 AI score · 0.01764 EPSS
Exploits: 0 · References: 9

RedHat Linux
added 2022/03/28 11:56 a.m. · 1 views

workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controll...

6.5 CVSS · 5.8 AI score · 0.01715 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2022/03/28 11:56 a.m. · 4 views

workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Groovy Plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines. This flaw allows attackers who can configure Pipelines to read arbitrary files on...

6.5 CVSS · 5.8 AI score · 0.01715 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2022/03/15 12:0 a.m. · 2 views

PT-2022-18295 · Jenkins · Jenkins Kubernetes Continuous Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Continuous Deploy Plugin versions 2.3.1 and earlier

Description: The issue allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. This is a significant security concern as it...

6.5 CVSS · 6.3 AI score · 0.01764 EPSS
Exploits: 0 · References: 7

ATTACKERKB
added 2022/02/15 5:15 p.m. · 4 views

CVE-2022-25197

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system...

6.5 CVSS · 6.7 AI score · 0.00796 EPSS
Exploits: 0 · References: 2

CNNVD
added 2022/02/15 12:0 a.m. · 4 views

Jenkins Pipeline Path Traversal Vulnerability

Jenkins Pipeline is a set of plugins that support the implementation and integration of continuous delivery pipelines into Jenkins. A path traversal vulnerability exists in the Jenkins Pipeline Shared Groovy Libraries Plugin, which stems from the fact that Jenkins Pipeline Shared Groovy Libraries...

6.5 CVSS · 6.6 AI score · 0.01642 EPSS
Exploits: 0 · References: 18

ATTACKERKB
added 2022/01/12 8:15 p.m. · 4 views

CVE-2022-23113

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...

4.3 CVSS · 5.8 AI score · 0.01504 EPSS
Exploits: 0 · References: 3

RedHat Linux
added 2021/12/02 6:37 p.m. · 2 views

jenkins: Creating symbolic links is possible without the symlink permission

A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless of whether they had the symlink permission. It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system...

9.8 CVSS · 5.8 AI score · 0.02034 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2021/12/02 6:37 p.m. · 3 views

jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories

A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths, allowing operations to follow symbolic links to directories they are not supposed to have access to. This may allow an attacker to read and write arbitrary files on the Jenkins controller file...

8.1 CVSS · 5.9 AI score · 0.01911 EPSS
Exploits: 0 · References: 5