922 matches found

Tenable Nessus
added 2023/05/03 12:00 a.m. · 10 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.16 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-03-security-advisory)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.16. It is, therefore, affected by multiple vulnerabilities including the following: - Backup Jobs Can Be Broken by Low-Privilege User With Job/Configure BEE-29576 Severity...

5.6 AI score
Exploits 0 · References 1
Tenable Nessus
added 2023/04/05 12:00 a.m. · 9 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.14 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-05)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.14. It is, therefore, affected by multiple vulnerabilities including the following: - CloudBees Backup plugin uses SHA-1 hashes for the approvers map BEE-29578 - CloudBee...

5.6 AI score
Exploits 0 · References 1
Tenable Nessus
added 2023/03/09 12:00 a.m. · 67 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.8 Multiple Vulnerabilities (CloudBees Security Advisory 2023-03-08)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.8. It is, therefore, affected by multiple vulnerabilities including the following: - DoS vulnerability in bundled Apache Commons FileUpload library CVE-2023-24998,...

9.6 CVSS · 7.5 AI score · 0.37165 EPSS
Exploits 1 · References 9
SUSE CVE
added 2023/02/15 5:30 a.m. · 3 views

SUSE CVE-2014-2068

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump...

3.5 CVSS · 6.1 AI score · 0.00085 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2023/02/09 12:00 a.m. · 43 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.8 Multiple Vulnerabilities (CloudBees Security Advisory 2023-02-09)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.8. It is, therefore, affected by multiple vulnerabilities including the following: - Git releases with critical vulnerabilities on CloudBees CI Docker images...

9.8 CVSS · 8.6 AI score · 0.17802 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2023/01/24 12:00 a.m. · 65 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.7 Multiple Vulnerabilities (CloudBees Security Advisory 2023-01-24)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.7. It is, therefore, affected by multiple vulnerabilities including the following: - Sandbox bypass vulnerability in Script Security Plugin CVE-2023-24422 - CSRF...

9.8 CVSS · 6.5 AI score · 0.01954 EPSS
Exploits 0 · References 39
Github Security Blog
added 2022/11/16 12:00 p.m. · 56 views

Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin

CloudBees Docker Hub/Registry Notification Plugin provides several webhook endpoints that can be used to trigger builds when Docker images used by a job have been rebuilt. In CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier, these endpoints can be accessed without authenticatio...

7.5 CVSS · 7.9 AI score · 0.02261 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/11/16 12:00 p.m. · 12 views

GHSA-V535-PC6R-77QH Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin

CloudBees Docker Hub/Registry Notification Plugin provides several webhook endpoints that can be used to trigger builds when Docker images used by a job have been rebuilt. In CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier, these endpoints can be accessed without authenticatio...

5.3 CVSS · 7.8 AI score · 0.02261 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2022/11/16 12:00 a.m. · 48 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.6 / 2.361.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-11-15)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.6 or 2.x prior to 2.361.3.4. It is, therefore, affected by multiple vulnerabilities including the following: - CVE-2022-38751 on snakeyaml fixed train 2.346.x.0.z BEE-237...

9.8 CVSS · 8 AI score · 0.86659 EPSS
Exploits 3 · References 26
OSV
added 2022/11/15 8:15 p.m. · 1 views

CVE-2022-45385

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2
Prion
added 2022/11/15 8:15 p.m. · 12 views

Design/Logic Flaw

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

5 CVSS · 7.5 AI score · 0.02261 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2022/11/15 12:00 a.m. · 4 views

CVE-2022-45385

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

6.7 AI score · 0.02261 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/11/15 12:00 a.m. · 3 views

PT-2022-27487 · Cloudbees +1 · Jenkins Cloudbees Docker Hub/Registry Notification Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees Docker Hub/Registry Notification Plugin versions 2.6.2 and earlier Description: A missing permission check in the Jenkins CloudBees Docker Hub/Registry Notification Plugin allows unauthenticated attackers to trigger builds o...

7.5 CVSS · 7.7 AI score · 0.02261 EPSS
Exploits 0 · References 7
Cvelist
added 2022/11/15 12:00 a.m. · 12 views

CVE-2022-45385

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

7.8 AI score · 0.02261 EPSS
Exploits 0 · References 2
CNNVD
added 2022/11/15 12:00 a.m. · 2 views

Jenkins Plugin CloudBees Docker Hub/Registry Notification Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Plugin CloudBees...

7.5 CVSS · 7.4 AI score · 0.02261 EPSS
Exploits 0 · References 6
CVE
added 2022/11/15 12:00 a.m. · 276 views

CVE-2022-45385

CVE-2022-45385 concerns a missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin (versions 2.6.2 and earlier). The flaw allows unauthenticated users to trigger builds for attacker-specified repositories via webhook endpoints. Multiple connected advisories confirm th...

7.5 CVSS · 7.6 AI score · 0.02261 EPSS
Exploits 0 · References 2 · Affected Software 1
Tenable Nessus
added 2022/10/05 12:00 a.m. · 59 views

Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.16 / 2.346.4.1 Multiple Vulnerabilities (CloudBees Security Advisory 2022-08-27)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.16, or 2.x prior to 2.346.4.1. It is, therefore, affected by multiple vulnerabilities, including the following: - Loading specially-crafted yaml with the Kubernetes Java...

6.7 CVSS · 6.8 AI score · 0.16253 EPSS
Exploits 0 · References 5
OpenVAS
added 2022/08/19 12:00 a.m. · 22 views

Jenkins < 1.482, < 1.466.2 LTS Multiple Vulnerabilities - Windows

Jenkins is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS · 6.7 AI score · 0.01757 EPSS
Exploits 0 · References 1
vulnersOsv
added 2022/07/28 12:00 a.m. · 1 views

org.jenkins-ci.plugins:cloudbees-deployer-plugin (=6.0) potentially affected by CVE-2022-36889 via org.jenkins-ci.plugins:deployer-framework (=1.0)

org.jenkins-ci.plugins:deployer-framework MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:deployer-framework and may be impacted: - org.jenkins-ci.plugins:cloudbees-deployer-plugin =6.0 Source cves:...

8.8 CVSS · 7.2 AI score · 0.00874 EPSS
Exploits 0
vulnersOsv
added 2022/07/28 12:00 a.m. · 1 views

org.jenkins-ci.plugins:cloudbees-deployer-plugin (=6.0) potentially affected by CVE-2022-36891 via org.jenkins-ci.plugins:deployer-framework (=1.0)

org.jenkins-ci.plugins:deployer-framework MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:deployer-framework and may be impacted: - org.jenkins-ci.plugins:cloudbees-deployer-plugin =6.0 Source cves:...

4.3 CVSS · 5.8 AI score · 0.00158 EPSS
Exploits 0