1464 matches found
Incorrect permission check in cloudbees-jenkins-advisor
cloudbees-jenkins-advisor 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to view an administrative configuration page. cloudbees-jenkins-advisor 3.2.1 requires Overall/Administer to view its administrative...
OS command execution vulnerability in perfecto
perfecto allows specifying Perfecto Connect Path and Perfecto Connect File Name in job configurations. This command is executed on the Jenkins controller in perfecto 1.17 and earlier, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. perfecto 1....
Stored XSS vulnerability in android-lint
android-lint 2.6 and earlier does not escape the annotation message in tooltips. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the 'Publish Android Lint results' post-build step. As of publication of this advisory, there i...
Stored XSS vulnerability in covcomplplot
covcomplplot 1.1.1 and earlier does not escape the method information in tooltips. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the 'Publish Coverage / Complexity Scatter Plot' post-build step. As of publication of this...
Arbitrary file read vulnerability in Storable Configs
Storable Configs 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. As of publication of this advisory, there is no fix...
Missing permission check in perfecto
perfecto 1.17 and earlier does not perform a permission check in a method implementing a connection test. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified username and password. perfecto 1.18 requires Overall/Administer...
Stored XSS vulnerability in locked-files-report
locked-files-report 1.6 and earlier does not escape locked files' names in tooltips. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. As of publication of this advisory, there is no fix...
CSRF vulnerability and missing permission checks in elastest
elastest 1.2.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Additionally, this form validation method does not require POST...
Arbitrary file read vulnerability in Copy data to workspace
Copy data to workspace allows users to copy files from the Jenkins controller to job workspaces. Copy data to workspace 1.0 and earlier does not limit which directories can be copied. This allows attackers with Job/Configure permission to read arbitrary files on the Jenkins controller. As of...
Stored XSS vulnerability in custom-job-icon
custom-job-icon 0.2 and earlier does not escape the job descriptions in tooltips. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. As of publication of this advisory, there is no fix...
Stored XSS vulnerability in description-column-plugin
description-column-plugin 1.3 and earlier does not escape the job description in the column tooltips. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. As of publication of this advisory, there is no fix...
Missing permission check in blueocean
Updated 2020-09-16: This entry previously misidentified the problematic behavior. The HTTP request itself is legitimate, but only authorized users should be able to perform it. blueocean 1.23.2 and earlier does not perform permission checks in several HTTP endpoints implementing connection tests...
Stored XSS vulnerability in valgrind
valgrind 0.28 and earlier does not escape content in Valgrind XML reports. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control Valgrind XML report contents. As of publication of this advisory, there is no fix...
XXE vulnerability in klocwork
klocwork 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the Klocwork plugin parser to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins...
Credentials stored in plain text by tfs
tfs 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file hudson.plugins.tfs.TeamPluginGlobalConfig.xml on the Jenkins controller as part of its configuration. This secret can be viewed by attackers with access to the Jenkins controller file system. As of...
Passwords stored in plain text by soapui-pro-functional-testing
soapui-pro-functional-testing 1.3 and earlier stores project passwords unencrypted in job config.xml files as part of its configuration. These project passwords can be viewed by attackers with Extended Read permission or access to the Jenkins controller file system. soapui-pro-functional-testing...
Passwords transmitted in plain text by soapui-pro-functional-testing
soapui-pro-functional-testing stores project passwords in job config.xml files on the Jenkins controller as part of its configuration. While these passwords are stored encrypted on disk since soapui-pro-functional-testing 1.4, they are transmitted in plain text as part of the global configuration...
Stored XSS vulnerability in vmanager-plugin
vmanager-plugin 3.0.4 and earlier does not escape build descriptions in tooltips. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission. vmanager-plugin 3.0.5 removes affected tooltips...
CSRF vulnerability in database
database 1.6 and earlier does not require POST requests for the database console, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to execute arbitrary SQL scripts. database 1.7 removes the database console...
Secret stored in plain text by Parameterized-Remote-Trigger
Parameterized-Remote-Trigger 3.1.3 and earlier stores a secret unencrypted in its global configuration file org.jenkinsci.plugins.ParameterizedRemoteTrigger.RemoteBuildConfiguration.xml on the Jenkins controller as part of its configuration. This secret can be viewed by attackers with access to t...
XSS vulnerability in build-failure-analyzer
build-failure-analyzer 1.27.0 and earlier does not escape matching text in a form validation response. This results in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. build-failure-analyzer 1.27.1...
CSRF vulnerability and missing permission checks in database
database 1.6 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified username and password. Additionally, this form validation...
Stored XSS vulnerability in git-parameter
git-parameter 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. git-parameter 0.9.13 escapes the repository field on the 'Build with...
Reflected XSS vulnerability in JSGames
JSGames 0.2 and earlier evaluates part of a URL as code. This results in a reflected cross-site scripting XSS vulnerability. As of publication of this advisory, there is no fix...
XXE vulnerability in valgrind
valgrind 0.28 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the Valgrind plugin parser to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins...
Buffer corruption in bundled Jetty
Jenkins bundles Winstone-Jetty, a wrapper around Jetty, to act as HTTP and servlet server when started using java -jar jenkins.war. This is how Jenkins is run when using any of the installers or packages, but not when run using servlet containers such as Tomcat. Jenkins 2.224 through 2.242 and LT...
CSRF vulnerability in flaky-test-handler
flaky-test-handler 1.0.4 and earlier does not require POST requests for the "Deflake this build" feature, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to rebuild a project at a previous git revision where the tests were failing. As of publicati...
Stored XSS vulnerability in yet-another-build-visualizer
yet-another-build-visualizer 1.11 and earlier does not escape tooltip content. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Run/Update permission. yet-another-build-visualizer 1.12 escapes tooltip content...
Stored XSS vulnerability in project naming strategy
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description that is displayed on item creation. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Overall/Manage permission. Jenkins 2.252, LTS 2.235.4 escapes th...
Missing permission check in pipeline-maven allows enumerating credentials IDs
pipeline-maven 3.8.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read access to Jenkins to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
Stored XSS vulnerability in 'Trigger builds remotely'
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely'. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication...
CSRF vulnerability and missing permission check in pipeline-maven allow capturing credentials
pipeline-maven 3.8.2 and earlier does not perform a permission check in a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially...
Stored XSS vulnerability in help icons
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values. This results in a stored cross-site scripting XSS vulnerability. Jenkins 2.252, LTS 2.235.4 escapes the...
SMTP password transmitted and displayed in plain text by email-ext
email-ext stores an SMTP password in its global configuration file hudson.plugins.emailext.ExtendedEmailPublisher.xml on the Jenkins controller as part of its configuration. While this password is stored encrypted on disk, it is transmitted and displayed in plain text as part of the configuration...
Stored XSS vulnerability in single axis builds tooltips in matrix-project
matrix-project 1.16 and earlier does not escape node names shown in tooltips on the overview page of builds with a single axis. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Agent/Configure permission. matrix-project 1.17 escapes the node names shown in...
Improper authorization of users and groups with the same base name in gitlab-oauth
gitlab-oauth 1.5 and earlier does not differentiate between user names and hierarchical group names when performing authorization. This allows an attacker with permissions to create groups in GitLab to gain the privileges granted to another user or group. gitlab-oauth 1.6 performs user name and...
Stored XSS vulnerability in job build time trend
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name on build time trend pages. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Agent/Configure permission. Jenkins 2.245, LTS 2.235.2 escapes the agent name...
Stored XSS vulnerability in multiple axis builds tooltips in matrix-project
matrix-project 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Job/Configure permission. matrix-project 1.17 escapes the axis names shown ...
Stored XSS vulnerability in deployer-framework
deployer-framework is a framework plugin allowing other plugins to provide a way to deploy artifacts. deployer-framework 1.2 and earlier does not escape the URL displayed in the build home page. This results in a stored cross-site scripting XSS vulnerability exploitable by users able to provide t...
Stored XSS vulnerability in console links
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2...
Stored XSS vulnerability in 'keep forever' badge icons
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip. This results in a stored cross-site scripting XSS vulnerability exploitable by users able to configure job names. As job names do not generally support the character set...
Stored XSS vulnerability in matrix-auth
matrix-auth 2.6.1 and earlier does not escape user names shown in the permission table. This results in a stored cross-site scripting XSS vulnerability. When using project-based matrix authorization, this vulnerability can be exploited by a user with Job/Configure or Agent/Configure permission,...
Stored XSS vulnerability in upstream cause
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2 escapes the job display...
CSRF vulnerability and missing permission checks in zephyr-for-jira-test-management
zephyr-for-jira-test-management 1.5 and earlier does not perform a permission check in a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified host using attacker-specified username and password. Additionally, this form...
Stored XSS vulnerability in link-column
link-column allows users with View/Configure permission to add a new column to list views that contains a user-configurable link. link-column 1.0 and earlier does not filter the URL for these links, allowing the javascript: scheme. This results in a stored cross-site scripting XSS vulnerability...
Credentials stored in plain text by whitesource
whitesource 19.1.1 and earlier stores credentials in plain text as part of its global configuration file org.whitesource.jenkins.pipeline.WhiteSourcePipelineStep.xml and job config.xml files on the Jenkins controller. These credentials could be viewed by users with Extended Read permission in the...
Content-Security-Policy protection for user content disabled by ZAP Pipeline
Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts. ZAP Pipeline 1.9 and earlier globally disables the Content-Security-Policy header for static files served by Jenkins. Th...
Reflected XSS in compatibility-action-storage
compatibility-action-storage 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint. This allows attackers able to update the configured document in MongoDB to inject the payload. This results in a reflected cross-site scripting XSS...
Password stored in plain text by hp-quality-center
hp-quality-center 1.6 and earlier stores a password in plain text in its global configuration file org.jenkinsci.plugins.qc.QualityCenterIntegrationRecorder.xml. This password can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no...
Users with Overall/Read access could enumerate credentials IDs in fortify-on-demand-uploader
fortify-on-demand-uploader provides a list of applicable credentials IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions in fortify-on-demand-uploader 6.0.0 and earlier, allowing any user with Overall/Read permission to get a...