277 matches found
Jenkins HTMLResource Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-49654
Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system...
CVE-2023-49655
A cross-site request forgery CSRF vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system...
PT-2023-31280 · Jenkins · Jenkins Matlab Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins MATLAB Plugin versions 2.11.0 and earlier Description: The issue arises from missing permission checks in the Jenkins MATLAB Plugin, allowing attackers to have Jenkins parse an XML file from the Jenkins controller file system...
Jenkins: Temporary file parameter created with insecure permissions
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46654
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...
CVE-2023-43497
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controll...
CVE-2023-43498
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller...
ZZCMS Code Issues Vulnerabilities
ZZCMS is a content management system CMS from the China ZZCMS team. A security vulnerability exists in ZZCMS v.2023, which can be exploited to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
PT-2023-28328 · Zzcms +1 · Zzcms +1
Name of the Vulnerable Software and Affected Versions: zzCMS version 2023 Description: An issue in the software allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. Recommendations: For zzCMS version 2023, consider...
Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...
PT-2023-27396 · Jenkins · Jenkins Folders Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Folders Plugin versions 6.846.v23698686f0f6 and earlier Description: The issue concerns the Jenkins Folders Plugin, which displays an error message including the absolute path of a log file when attempting to access the Scan...
Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery
Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...
CVE-2023-3315
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
Jenkins: Temporary file parameter created with insecure permissions
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...
PT-2023-24190 · Jenkins · Jenkins Team Concert Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Team Concert Plugin versions 2.4.1 and earlier Description: The issue is related to missing permission checks in the Jenkins Team Concert Plugin, which allows attackers with Overall/Read permission to check for the existence of an...
GHSA-WHGJ-6M78-2GG9 Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...
CVE-2023-32979
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system...
Design/Logic Flaw
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system...