1464 matches found
Stored XSS vulnerability in log-parser
log-parser did not escape an error message shown when log parsing patterns are invalid. This resulted in a persisted cross-site scripting vulnerability exploitable by attackers able to control the log parsing rules configuration, typically users with Job/Configure permission. Jenkins applies the...
azure-event-grid-notifier stores credentials in plain text
azure-event-grid-notifier stores the Azure Event Grid secret key unencrypted in job config.xml files on the Jenkins controller. This key can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...
neuvector-vulnerability-scanner stored credentials in plain text
neuvector-vulnerability-scanner stored registry credentials unencrypted in its global configuration file io.jenkins.plugins.neuvector.NeuVectorBuilder.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system...
Stored XSS vulnerability in build-environment
build-environment did not escape values of environment variables shown on its views. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the values of build environment variables, typically users with Job/Configure or Job/Build permission. Jenkins applie...
Sandbox bypass vulnerability in script-security
Sandbox protection in script-security could be circumvented through any of the following: Crafted method names in method call expressions CVE-2019-10393 Crafted property names in property expressions on the left-hand side of assignment expressions CVE-2019-10394 Crafted property names in property...
ibm-application-security showed plain text password in job configuration form fields
ibm-application-security stores service passwords in job configurations. While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the password through browser extensions, cross-site scripting...
Stored XSS vulnerability in update center
Jenkins did not properly escape the update site URL in some status messages shown in the update center, resulting in a stored cross-site scripting vulnerability that is exploitable by administrators and affects other administrators. Jenkins now escapes the update site URL in status messages shown...
CSRF vulnerability and missing permission check in relution-publisher allow SSRF
A missing permission check in a form validation method in relution-publisher allows users with Overall/Read permission to initiate a connection test to an attacker-specified URL using attacker-specified credentials and attacker-specified HTTP proxy configuration. Additionally, the form validation...
HTTP session fixation vulnerability in gitlab-oauth
gitlab-oauth does not invalidate the previous session and create a new one upon successful login. This allows attackers able to control or obtain another user's pre-login session ID to impersonate them. As of publication of this advisory, there is no fix...
labmanager globally and unconditionally disables SSL/TLS certificate validation
labmanager unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM. As of publication of this advisory, there is no fix...
Open redirect vulnerability in gitlab-oauth
gitlab-oauth records the HTTP Referer header when the authentication process starts and redirects users to that URL when the user has finished logging in. This implements an open redirect, allowing malicious sites to implement a phishing attack, with users expecting they have just logged in to...
Stored XSS vulnerability in m2release
m2release did not properly escape variables in multiple views, resulting in a stored cross-site scripting vulnerability. Variables on affected views are now escaped...
google-kubernetes-engine stored temporary secret in a user accessible location
google-kubernetes-engine created a temporary file named .kube…config containing a temporary access token in the project workspace. This allowed the file to be accessed via workspace browsers, or accidentally archived, disclosing the token. This temporary file is now created outside the regular...
configuration-as-code exported secret values in plain text
configuration-as-code allows to export the current Jenkins configuration as a YAML file. Secrets such as passwords should be exported in their encrypted form to prevent accidental disclosure. configuration-as-code did not reliably detect which values in the exported YAML file need to be considere...
Unauthorized view fragment access
Jenkins uses the Stapler web framework to render its UI views. These views are frequently composed of several view fragments, enabling plugins to extend existing views with more content. In some cases attackers could directly access a view fragment containing sensitive information, bypassing any...
Arbitrary file write vulnerability using file parameter definitions
Users with Job/Configure permission could specify a relative path escaping the base directory in the file name portion of a file parameter definition. This path would be used to store the uploaded file on the Jenkins controller, resulting in an arbitrary file write vulnerability. File parameters...
caliper-ci stores credentials in plain text
caliper-ci stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...
Stored XSS vulnerability in depgraph-view
depgraph-view does not correctly escape the Display Name value for jobs in Jenkins, resulting in a stored cross-site scripting vulnerability. As of publication of this advisory, there is no fix...
Missing permission checks in electricflow
Various form validation and form autocompletion methods in electricflow lacked permission checks. This allowed attackers with Overall/Read access to obtain information about the configuration of electricflow, as well as the configuration and data of connected ElectricFlow servers. These form...
XML External Entity processing vulnerability in token-macro
token-macro did not configure its XML parser in a way that would prevent XML External Entity XXE processing. This allowed attackers able to control the contents of files processed with the $XML macro to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction o...
Users with Overall/Read access could enumerate credential IDs in artifactory
artifactory provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be used as part of an...
aqua-microscanner stored credentials in plain text
aqua-microscanner stored credentials unencrypted in its global configuration file on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. aqua-microscanner now stores credentials encrypted...
XXE vulnerability via UDP broadcast response in swarm client
swarm allows clients to auto-discover Jenkins instances on the same network through a UDP discovery request. Responses to this request are XML documents. swarm does not configure the XML parser in a way that would prevent XML External Entity XXE processing. This allows unauthenticated attackers o...
azure-ad stored credentials in plain text
azure-ad stored the client secret unencrypted in the global config.xml configuration file on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. azure-ad now stores the client secret encrypted...
XSS vulnerability in form validation button
The f:validateButton form control for the Jenkins UI did not properly escape job URLs. This resulted in a cross-site scripting XSS vulnerability exploitable by users with the ability to control job names. The affected form control has been rewritten to no longer need to escape job URLs...
octopusdeploy stores credentials in plain text
octopusdeploy stores credentials unencrypted in its global configuration file hudson.plugins.octopusdeploy.OctopusDeployPlugin.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
VS Team Services Continuous Deployment Plugin stores credentials in plain text
vsts-cd stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CSRF vulnerability and missing permission check in nomad allow SSRF
A missing permission check in a form validation method in nomad allows users with Overall/Read permission to initiate a connection test to an attacker-specified URL. Additionally, the form validation method does not require POST requests, resulting in a CSRF vulnerability...
Crowd Integration Plugin stores credentials in plain text
Crowd Integration Plugin stores credentials unencrypted in the global configuration file config.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
starteam stores credentials in plain text
starteam stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
Assembla Auth Plugin stores credentials in plain text
Assembla Auth Plugin stores credentials unencrypted in the global configuration file config.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
mabl-integration stores credentials in plain text
mabl-integration stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
minio-storage stores credentials in plain text
minio-storage stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.minio.MinioUploader.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
netsparker-cloud-scan stored credentials in plain text
netsparker-cloud-scan stored API tokens unencrypted in its global configuration file com.netsparker.cloud.plugin.NCScanBuilder.xml on the Jenkins controller. These API tokens could be viewed by users with access to the Jenkins controller file system. netsparker-cloud-scan now stores API tokens...
Open STF Plugin stores credentials in plain text
Open STF Plugin stores credentials unencrypted in its global configuration file hudson.plugins.openstf.STFBuildWrapper.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
CSRF vulnerability and missing permission check in jenkins-reviewbot allow SSRF
A missing permission check in a form validation method in jenkins-reviewbot allows users with Overall/Read permission to initiate a connection test to an attacker-specified URL with attacker-specified credentials. Additionally, the form validation method does not require POST requests, resulting ...
jabber-server-plugin stores credentials in plain text
jabber-server-plugin stores credentials unencrypted in its global configuration file de.enexus.jabber.JabberBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
CSRF vulnerability and missing permission check in kmap-jenkins allow SSRF
A missing permission check in a form validation method in kmap-jenkins allows users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified credentials. Additionally, the form validation method does not require POST requests, resulting in...
Perfecto Mobile Plugin stores credentials in plain text
Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file com.perfectomobile.jenkins.ScriptExecutionBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
relution-publisher stores credentials in plain text
relution-publisher stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.relutionpublisher.configuration.global.StoreConfiguration.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
jenkins-cloudformation-plugin stores credentials in plain text
jenkins-cloudformation-plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CSRF vulnerability and missing permission check in zephyr-enterprise-test-management allow SSRF
A missing permission check in a form validation method in zephyr-enterprise-test-management allows users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified credentials. Additionally, the form validation method does not require POST...
CloudShare Docker-Machine Plugin stores credentials in plain text
CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file com.cloudshare.jenkins.CloudShareConfiguration.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
websphere-deployer stores credentials in plain text
websphere-deployer stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
AWS CloudWatch Logs Publisher Plugin stores credentials in plain text
AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file jenkins.plugins.awslogspublisher.AWSLogsConfig.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
CSRF vulnerability and missing permission check in gearman-plugin
A missing permission check in a form validation method in gearman-plugin allows users with Overall/Read permission to initiate a connection test to an attacker-specified server. Additionally, the form validation method does not require POST requests, resulting in a CSRF vulnerability...
Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin
Sandbox protection in the Script Security and Pipeline: Groovy Plugins could be circumvented through methods supporting type casts and type coercion. This allowed attackers to invoke constructors for arbitrary types. Script Security and Pipeline: Groovy have been hardened to prevent these methods...
ECS Publisher Plugin stored and displayed API token in plain text
ECS Publisher Plugin stored the API token unencrypted in jobs' config.xml files and its global configuration file on the Jenkins controller. This token could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Additionally, the API token was not mask...
SSRF vulnerability due to missing permission check in Fortify on Demand Uploader Plugin
A missing permission check in multiple form validation methods in Fortify on Demand Uploader Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server. Additionally, the form validation methods did not require POST requests, resulting in a CSR...
PRQA Plugin stored password in plain text
PRQA Plugin stored a password unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now stores the password encrypted in the configuration files on disk...