Agent-to-controller security bypass in compuware-ispw-operations
compuware-ispw-operations defines a controller/agent message that retrieves Java system properties. compuware-ispw-operations 1.0.8 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to retrieve Java system...
Agent-to-controller security bypass in compuware-zadviser-api
compuware-zadviser-api defines a controller/agent message that retrieves Java system properties. compuware-zadviser-api 1.0.3 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to retrieve Java system properties...
Missing permission checks in repository-connector allow enumerating credentials IDs
repository-connector 2.2.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
Non-constant time webhook signature comparison in github
github 1.34.4 and earlier does not use a constant-time comparison when checking whether the provided and computed webhook signatures are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook signature. github 1.34.5 uses a constant-time comparison when...
Missing permission checks in compuware-scm-downloader
compuware-scm-downloader 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Those credentials IDs can be...
Missing permission check in repository-connector allows listing the Jenkins controller file system
repository-connector 2.2.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. A sequence of requests can b...
CSRF vulnerability and missing permission check in openshift-deployer
openshift-deployer 1.2.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from...
Missing permission checks in hashicorp-vault-plugin allow capturing credentials
hashicorp-vault-plugin 354.vdb858fd6bf48 and earlier does not perform permission checks in several HTTP endpoints performing Vault connection tests. This allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys. hashicorp-vault-plug...
Missing permission check in rhnpush-plugin allows listing workspace contents
rhnpush-plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. A...
CSRF vulnerability in jobConfigHistory
jobConfigHistory 1155.v28a46acc06a5 and earlier does not require POST requests for several HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow attackers to delete entries from job, agent, and system configuration history, or restore older...
Missing permission check in deployer-framework allows reading deployment logs
deployer-framework 85.v1d1888e8c021 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Item/Read permission to read deployment logs. deployer-framework 86.v7ba4a55bf3ec requires Deploy Now/Deploy permission to read deployment logs...
Path traversal vulnerability in deployer-framework
deployer-framework 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation. This allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. deployer-framework...
Missing permission check in rpmsign-plugin allows listing workspace contents
rpmsign-plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. A...
Missing permission checks in compuware-xpediter-code-coverage
compuware-xpediter-code-coverage 1.0.7 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Those credentials IDs...
Missing permission checks in compuware-ispw-operations
compuware-ispw-operations 1.0.8 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Those credentials IDs can be...
Stored XSS vulnerability in dynamic_extended_choice_parameter
dynamic_extended_choice_parameter 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix. Learn...
Stored XSS vulnerability in maven-metadata-plugin
maven-metadata-plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory...
Arbitrary file write vulnerability in clif-performance-testing
clif-performance-testing 64.vc0d66de1dfbf and earlier allows users to extract files from an archive without validating file paths of files contained within the archive. This allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system wi...
CSRF vulnerability and missing permission check in openshift-deployer
openshift-deployer 1.2.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this form validation method...
Missing permission checks in openstack-heat allow listing the Jenkins controller file system
openstack-heat 1.5 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. A sequence of requests can be used to...
Missing permission check in android-signing allows listing workspace contents
android-signing 2.2.5 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. A...
CSRF vulnerability and missing permission check in coverity allow capturing credentials
coverity 1.11.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CSRF vulnerability in external-monitor-job
external-monitor-job 191.v363d0d1efdf8 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to create runs of an external job. external-monitor-job 192.ve979ca8b3ccd requires POST request...
CSRF vulnerability and missing permission checks in openstack-heat
openstack-heat 1.5 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, these form validation methods do not require POST requests, resulting in a cross-sit...
Missing permission check in files-found-trigger allows listing the Jenkins controller file system
files-found-trigger 1.5 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. A sequence of requests can be...
Missing permission checks in compuware-topaz-utilities
compuware-topaz-utilities 1.0.8 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Those credentials IDs can be...
CSRF vulnerability and missing permission check in google-cloud-backup
google-cloud-backup 0.6 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to request a manual backup. Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability...
Missing permission check in buckminster
buckminster 1.1.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. A sequence of requests can be used to...
Passwords stored in plain text by http_request
http_request 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file jenkins.plugins.http_request.HttpRequest.xml on the Jenkins controller as part of its configuration when using deprecated Basic/Digest Authentication. These passwords can be viewed by users with...
Lack of authentication mechanism in git webhook
git provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In git 4.11....
CSRF vulnerability in rrod
rrod 1.1.0 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to accept pending requests, thereby renaming or deleting jobs. As of publication of this advisory, there is no fix. Learn why ...
Missing permission checks in build-metrics
build-metrics 1.3 and earlier does not perform a permission check in multiple HTTP endpoints. This allows attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. As of publication of this advisory, there is no fix. Learn why we announce this...
Password stored in plain text by skype-notifier
skype-notifier 1.1.0 and earlier stores a password unencrypted in its global configuration file hudson.plugins.skype.im.transport.SkypePublisher.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file system. As o...
CSRF vulnerability and missing permission checks in failedJobDeactivator allow disabling jobs
failedJobDeactivator 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints. This allows attackers with Overall/Read permission to disable jobs. Additionally, these endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF)...
XSS vulnerability in testng-plugin
testng-plugin has options in its post-build step configuration to not escape test descriptions and exception messages. If those options are unchecked, testng-plugin 554.va4a552116332 and earlier renders the unescaped text provided in test results. This results in a cross-site scripting (XSS)...
XSS vulnerability in project-inheritance
project-inheritance 21.04.03 and earlier does not escape the reason a build is blocked in tooltips. This results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. As of publication of this advisory, there is no fix. Learn why ...
CSRF vulnerability and missing permission checks in Recipe allow XXE
Recipe 1.2 and earlier does not perform a permission check in multiple HTTP endpoints. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. As the plugin does not configure its XML parser to prevent XML external...
Stored XSS vulnerability in ec2-deployment-dashboard
ec2-deployment-dashboard 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. As of publication of this advisory, there is no fix. Learn why w...
Secrets stored in plain text by rocketchatnotifier
rocketchatnotifier 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file RocketChatNotifier.xml on the Jenkins controller as part of its configuration. These secrets can be viewed by users with access to the Jenkins controller file system. As o...
API Key stored in plain text by opsgenie
opsgenie 1.9 and earlier stores API keys unencrypted in its global configuration file com.opsgenie.integration.jenkins.OpsGenieNotifier.xml and in job config.xml files on the Jenkins controller as part of its configuration. Additionally, they are transmitted in plain text as part of the respectiv...
Password stored in plain text by jigomerge
jigomerge 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These passwords can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory, the...
Missing permission checks in xlrelease-plugin allow enumerating credentials IDs
xlrelease-plugin 22.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
Stored XSS vulnerability in build-metrics
build-metrics 1.3 does not escape the build description on one of its views. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. As of publication of this advisory, there is no fix. Learn why we announce this...
Stored XSS vulnerability in rich-text-publisher-plugin
rich-text-publisher-plugin 1.4 and earlier does not escape the HTML message set by its post-build step. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. As of publication of this advisory, there is no fix. Learn why we announce this...
Password stored in plain text by rqm-plugin
rqm-plugin 2.8 and earlier stores a password unencrypted in its global configuration file net.praqma.jenkins.rqm.RqmBuilder.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file system. As of publication of this...
Incorrect permission check in rrod
rrod 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to view an administrative configuration page listing pending requests. As of publication of this advisory, there is no fix. Learn why we announce this...
CSRF vulnerability and missing permission checks in xlrelease-plugin allow capturing credentials
xlrelease-plugin 22.0.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
Stored XSS vulnerability in matrix-reloaded
matrix-reloaded 1.1.3 and earlier does not escape the agent name in tooltips. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. As of publication of this advisory, there is no fix. Learn why we announce this...
Password stored in plain text by ec2-deployment-dashboard
ec2-deployment-dashboard 1.0.10 and earlier stores a password unencrypted in its global configuration file de.codecentric.jenkins.dashboard.DashboardView.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file...
CSRF vulnerability and missing permission checks in xpath-config-viewer
xpath-config-viewer 1.1.1 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to create and delete XPath expressions. Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF)...