Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....

Jenkins Assembla merge request builder Plugin missing authentication to access endpoint

Jenkins Assembla merge request builder Plugin provides a webhook endpoint at /assembla-webhook/ that can be used to trigger builds of jobs configured to use a specified repository. In Assembla merge request builder Plugin 1.1.13 and earlier, this endpoint can be accessed without authentication...

GHSA-JR86-6J4J-MV45 Jenkins Assembla merge request builder Plugin missing authentication to access endpoint

Jenkins Assembla merge request builder Plugin provides a webhook endpoint at /assembla-webhook/ that can be used to trigger builds of jobs configured to use a specified repository. In Assembla merge request builder Plugin 1.1.13 and earlier, this endpoint can be accessed without authentication...

Design/Logic Flaw

A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

CVE-2023-30521

The CVE-2023-30521 entry is supported by multiple connected documents confirming a vulnerability in the Jenkins Assembla merge request builder Plugin (versions 1.1.13 and earlier). The underlying issue is a missing permission check that allows unauthenticated attackers to trigger builds of jobs t...