Lucene search
K
JenkinsMost viewed

1464 matches found

Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/09/25 12:0 a.m.•6 views

elOyente stores credentials in plain text

elOyente stores a password unencrypted in its global configuration file com.technicolor.eloyente.ElOyente.xml on the Jenkins controller. This password can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix...

5.5CVSS5.1AI score0.00348EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/09/12 12:0 a.m.•6 views

Stored XSS vulnerability in build-environment

build-environment did not escape values of environment variables shown on its views. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the values of build environment variables, typically users with Job/Configure or Job/Build permission. Jenkins applie...

5.4CVSS5.4AI score0.00688EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/09/12 12:0 a.m.•6 views

Stored XSS vulnerability in dashboard-view

dashboard-view did not escape the build description on the Latest Builds View. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the description of builds shown on that view. dashboard-view now applies the configured markup formatter to the build...

5.4CVSS5.4AI score0.00735EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/09/12 12:0 a.m.•6 views

beaker-builder stored credentials in plain text

beaker-builder stored the Beaker password unencrypted on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. beaker-builder now stores these credentials encrypted...

5.5CVSS5.1AI score0.00291EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/08/07 12:0 a.m.•6 views

testlink stores credentials in plain text

testlink stores credentials unencrypted in its global configuration file hudson.plugins.testlink.TestLinkBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix...

5.3CVSS4.9AI score0.00502EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/08/07 12:0 a.m.•6 views

Google Cloud Messaging Notification stores credentials in plain text

Google Cloud Messaging Notification stores an API key unencrypted in its global configuration file org.jenkinsci.plugins.gcm.im.GcmPublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system. As of publication of this advisor...

6.5CVSS6.4AI score0.0038EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/08/07 12:0 a.m.•6 views

Script sandbox bypass vulnerability in Simple Travis Pipeline Runner

Simple Travis Pipeline Runner defines a custom list of pre-approved signatures for scripts protected by the Script Security sandbox. This custom list of pre-approved signatures allows the use of methods that can be used to bypass Script Security sandbox protection. This results in arbitrary code...

8.8CVSS8.6AI score0.01765EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/07/31 12:0 a.m.•6 views

Sandbox bypass through type casts in script-security

Sandbox protection in script-security could be circumvented by casting crafted objects to other types. This allowed attackers able to specify sandboxed scripts to invoke constructors that weren't approved. Additionally, this could be used to read arbitrary files on the Jenkins controller. Casting...

8.8CVSS8AI score0.025EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/07/31 12:0 a.m.•6 views

Sandbox bypass through method pointer expressions in script-security

Sandbox protection in script-security could be circumvented through crafted subexpressions used as arguments to method pointer expressions. This allowed attackers able to specify sandboxed scripts to execute arbitrary code in the context of the Jenkins controller JVM. Method pointer subexpression...

8.8CVSS8.4AI score0.025EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/07/31 12:0 a.m.•6 views

Missing permission check in workflow-cps-global-lib

workflow-cps-global-lib provides form validation to determine whether the revision e.g. commit, tag, or branch name specified for a global library exists in the repository. This form validation method lacked a permission check, allowing attackers with Overall/Read access to determine whether an...

4.3CVSS5.5AI score0.01213EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/07/31 12:0 a.m.•6 views

skytap stored credentials in plain text

skytap stored credentials unencrypted in job config.xml files on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. skytap now stores credentials encrypted...

6.5CVSS5.3AI score0.01482EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/04/30 12:0 a.m.•6 views

CSRF vulnerability and missing permission check in ansible-tower allowed capturing credentials

ansible-tower did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

8.8CVSS6.5AI score0.01832EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/04/30 12:0 a.m.•6 views

twitter stores credentials in plain text

twitter stores credentials unencrypted in its global configuration file on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix...

8.8CVSS6.2AI score0.01832EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/04/30 12:0 a.m.•6 views

CSRF vulnerability in OAuth callback in github-oauth

github-oauth did not manage the state parameter of OAuth to prevent CSRF. This allowed an attacker to catch the redirect URL provided during the authentication process using OAuth and send it to the victim. If the victim was already connected to Jenkins, their Jenkins account would be attached to...

8.8CVSS6.7AI score0.02125EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/04/03 12:0 a.m.•6 views

CSRF vulnerability and missing permission check in cloudtest allow SSRF

A missing permission check in a form validation method in cloudtest allows users with Overall/Read permission to initiate a connection test to an attacker-specified URL with attacker-specified credentials and SSH key store options. Additionally, the form validation method does not require POST...

6.5CVSS6.3AI score0.01486EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/04/03 12:0 a.m.•6 views

TestFairy stores credentials in plain text

TestFairy stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.5CVSS6.4AI score0.01676EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/04/03 12:0 a.m.•6 views

klaros-testmanagement stores credentials in plain text

klaros-testmanagement stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

8.8CVSS6.3AI score0.01773EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/04/03 12:0 a.m.•6 views

cloudcoreo-deploytime stores credentials in plain text

cloudcoreo-deploytime stores credentials unencrypted in its global configuration file com.cloudcoreo.plugins.jenkins.CloudCoreoBuildWrapper.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...

8.8CVSS6.2AI score0.01773EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/04/03 12:0 a.m.•6 views

CloudShare Docker-Machine Plugin stores credentials in plain text

CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file com.cloudshare.jenkins.CloudShareConfiguration.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...

8.8CVSS6.2AI score0.01377EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/04/03 12:0 a.m.•6 views

trac-publisher-plugin stores credentials in plain text

trac-publisher-plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

8.8CVSS6.3AI score0.01365EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/04/03 12:0 a.m.•6 views

octopusdeploy stores credentials in plain text

octopusdeploy stores credentials unencrypted in its global configuration file hudson.plugins.octopusdeploy.OctopusDeployPlugin.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...

8.8CVSS6.2AI score0.01365EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/04/03 12:0 a.m.•6 views

ftppublisher stores credentials in plain text

ftppublisher stores credentials unencrypted in its global configuration file com.zanox.hudson.plugins.FTPPublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...

8.8CVSS6.2AI score0.01365EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/04/03 12:0 a.m.•6 views

Audit to Database Plugin stores credentials in plain text

Audit to Database Plugin stores database credentials unencrypted in its global configuration file audit2db.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...

8.8CVSS6.2AI score0.01365EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/03/25 12:0 a.m.•6 views

Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin

Sandbox protection in the Script Security and Pipeline: Groovy Plugins could be circumvented through methods supporting type casts and type coercion. This allowed attackers to invoke constructors for arbitrary types. Script Security and Pipeline: Groovy have been hardened to prevent these methods...

9.8CVSS7AI score0.03366EPSS
Exploits0Affected Software2
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/03/25 12:0 a.m.•6 views

SSRF vulnerability due to missing permission check in Fortify on Demand Uploader Plugin

A missing permission check in multiple form validation methods in Fortify on Demand Uploader Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server. Additionally, the form validation methods did not require POST requests, resulting in a CSR...

6.5CVSS6.4AI score0.01536EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/03/25 12:0 a.m.•6 views

PRQA Plugin stored password in plain text

PRQA Plugin stored a password unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now stores the password encrypted in the configuration files on disk...

7.8CVSS5.9AI score0.00298EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/03/06 12:0 a.m.•6 views

Script security sandbox bypass in Job DSL Plugin

Job DSL Plugin supports sandboxed Groovy expressions for Job DSL definitions. Its sandbox protection could be circumvented during parsing, compilation, and script instantiation by providing a crafted Groovy script. This allowed users able to control the Job DSL scripts to bypass the sandbox...

9.9CVSS8.8AI score0.02962EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/03/06 12:0 a.m.•6 views

Missing permission check in Azure VM Agents Plugin allowed modifying VM configuration

A missing permission check in an HTTP endpoint allowed users with Overall/Read access to attach a public IP address to an Azure VM in Azure VM Agents Plugin, making a virtual machine publicly accessible. Additionally, this form validation method did not require POST requests, resulting in a CSRF...

4.3CVSS5.2AI score0.00914EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/03/06 12:0 a.m.•6 views

Script security sandbox bypass in Matrix Project Plugin

Matrix Project Plugin supports a sandboxed Groovy expression to filter matrix combinations. Its sandbox protection could be circumvented during parsing, compilation, and script instantiation by providing a crafted Groovy script. This allowed users able to configure a Matrix project to bypass the...

9.9CVSS8.8AI score0.03394EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/02/19 12:0 a.m.•6 views

Sandbox Bypasses in Script Security Plugin

The previously implemented script security sandbox protections prohibiting the use of unsafe AST transforming annotations such as @Grab 2019-01-08 fix for SECURITY-1266 could be circumvented through use of various Groovy language features: Use of AnnotationCollector Import aliasing Referencing...

8.8CVSS8.4AI score0.0299EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•6 views

Sandbox Bypass in Groovy Plugin

Groovy Plugin has a form validation HTTP endpoint used to validate a user-submitted Groovy script through compilation, which was not subject to sandbox protection. This allowed attackers with Overall/Read access to execute arbitrary code on the Jenkins controller by applying AST transforming...

8.8CVSS8.5AI score0.0155EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•6 views

Recursive token expansion results in information disclosure and DoS in Token Macro Plugin

Token Macro Plugin recursively applied token expansion. This could be used by users able to affect input to token expansion such as change log messages, to inject additional tokens into the input, which would then be expanded, resulting in information disclosure for example values of environment...

8.1CVSS6.3AI score0.02039EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•6 views

XSS vulnerability via user description in Blue Ocean

Blue Ocean did not properly escape HTML/JavaScript content set on the current user's description field, resulting in a cross-site scripting vulnerability exploitable by administrators and other people accessing Jenkins with the same user account. Blue Ocean now properly escapes HTML/JavaScript...

5.4CVSS5.9AI score0.01227EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•6 views

XSS vulnerability in Config File Provider Plugin

Config File Provider Plugin improperly handled script names in its JavaScript-based UI, resulting in a stored cross-site scripting XSS vulnerability. Config File Provider Plugin now properly handles script names...

4.8CVSS5.9AI score0.0088EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•6 views

XXE vulnerability in Job Import Plugin

Job Import Plugin allows to import jobs from other Jenkins instances. As a first step in this process, Job Import Plugin sends a request to another Jenkins instance, parsing XML REST API output to obtain a list of jobs that could be imported. Job Import Plugin did not configure the XML parser in ...

9.1CVSS8.3AI score0.01825EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•6 views

CSRF vulnerability in Job Import Plugin allowed creating and overwriting jobs, installing some plugins

Job Import Plugin did not require that POST requests are sent to its /import URL, which processes requests to import jobs. This resulted in a cross-site request forgery CSRF vulnerability that could be exploited to create or replace jobs on the local instance if the remote Jenkins instance has...

5.3CVSS5.6AI score0.00524EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•6 views

Session fixation vulnerability in GitHub Authentication Plugin

GitHub Authentication Plugin did not invalidate the previous session and create a new one upon successful login, allowing attackers able to control or obtain another user's pre-login session ID to impersonate them. GitHub Authentication Plugin now invalidates the previous session during login and...

6.5CVSS5.9AI score0.00852EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/16 12:0 a.m.•6 views

Deleting a user in an external security realm did not invalidate their session or 'Remember me' cookie

When using an external security realm such as LDAP or Active Directory, deleting a user from the security realm does not result in the user losing access to Jenkins. While deleting the user record from Jenkins did invalidate the 'Remember me' cookie, there was no way to invalidate active sessions...

7.2CVSS6.3AI score0.01619EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/12/05 12:0 a.m.•6 views

Forced migration of user records

The fix for SECURITY-499 introduced a mechanism that renamed user directories on disk as a user with an unsafe user name user ID is loaded. Insufficient input validation allowed attackers to rename such user directories even for users with a safe user name by submitting a crafted user name when...

8.2CVSS6.5AI score0.06762EPSS
Exploits1Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/10 12:0 a.m.•6 views

Reflected XSS vulnerability

The wrapper query parameter for the XML variant of the Jenkins remote API did not validate the specified tag name. This resulted in a reflected cross-site scripting vulnerability. Only legal XML tag names are now allowed for the wrapper query parameter...

6.1CVSS6.3AI score0.01534EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/10 12:0 a.m.•6 views

Ephemeral user record was created on some invalid authentication attempts

When attempting to authenticate using API token, an ephemeral user record was created to validate the token in case an external security realm was used, and the user record in Jenkins not previously saved, as legacy API tokens could exist without a persisted user record. This behavior could be...

7.5CVSS6.5AI score0.01673EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/10 12:0 a.m.•6 views

Ephemeral user record creation

By accessing a specific crafted URL on Jenkins instances using Jenkins' own user database, users without Overall/Read access could create ephemeral user records. This behavior could be abused to create a large number of ephemeral user records in memory. Accessing this URL now no longer results in...

6.5CVSS6.5AI score0.0147EPSS
Exploits3Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/10 12:0 a.m.•6 views

Arbitrary file write vulnerability using file parameter definitions

Users with Job/Configure permission could specify a relative path escaping the base directory in the file name portion of a file parameter definition. This path would be used to archive the uploaded file on the Jenkins controller, resulting in an arbitrary file write vulnerability. File parameter...

6.5CVSS6.7AI score0.04021EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/10 12:0 a.m.•6 views

Session fixation vulnerability on user signup

When signing up for a new user account on instances using Jenkins' own user database, Jenkins did not invalidate the existing session and create a new one. This allowed session fixation. Jenkins now invalidates the existing session and creates a new one when logging in after user signup...

5.8CVSS6.3AI score0.01217EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

CSRF vulnerability and missing permission checks in Jira Plugin allowed capturing credentials

Jira Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS6.3AI score0.01194EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

CSRF vulnerability in Config File Provider Plugin

A URL used to save configuration files based on form submissions did not require POST requests, resulting in a CSRF vulnerability. This URL now requires POST requests...

8.1CVSS7.8AI score0.00835EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

CSRF vulnerability in Email Extension Template Plugin

Some URLs implementing form submission handling in Email Extension Template Plugin did not require POST requests, resulting in a CSRF vulnerability that allowed attackers to create or remove templates. These URLs now require POST requests...

8.1CVSS7.8AI score0.00788EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

PAM Authentication Plugin did not properly validate user accounts

The pam4j library bundled in PAM Authentication Plugin had a bug that resulted in it not properly validating user accounts. The bundled version of the library was updated to include the fix for this...

6.5CVSS6.3AI score0.01511EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

Unprivileged users with Overall/Read access are able to enumerate credential IDs in HipChat Plugin

HipChat Plugin provides a list of applicable credential IDs to allow administrators configuring the plugin to select the one to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of ...

6.5CVSS6.5AI score0.01641EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

Server-side request forgery vulnerability in Crowd 2 Integration Plugin

Crowd 2 Integration Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL with attacker-specified credentials and connection settings. Additionally, this form validation...

6.5CVSS6.5AI score0.00769EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1464