Lucene search
K
JenkinsRecent

1464 matches found

Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/29 12:0 a.m.•8 views

Jenkins vulnerable to UDP amplification reflection attack

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier supports two network discovery services UDP multicast/broadcast and DNS multicast by default. The UDP multicast/broadcast service can be used in an amplification reflection attack, as very few bytes sent to the respective endpoint result in much...

5.8CVSS6AI score0.03443EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/29 12:0 a.m.•6 views

Non-constant time comparison of inbound TCP agent connection secret

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison validating the connection secret when an inbound TCP agent connection is initiated. This could potentially allow attackers to use statistical methods to obtain the connection secret. Jenkins 2.219, LTS...

5.3CVSS5.6AI score0.01368EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/29 12:0 a.m.•10 views

Diagnostic page exposed session cookies

Jenkins shows various technical details about the current user on the /whoAmI page. In a previous fix, the Cookie header value containing the HTTP session ID was redacted. However, user metadata shown on this page could also include the HTTP session ID in Jenkins 2.218 and earlier, LTS 2.204.1 an...

5.4CVSS5.3AI score0.07044EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/29 12:0 a.m.•10 views

Memory usage graphs accessible to anyone with Overall/Read

Jenkins includes a feature that shows a JVM memory usage chart for the Jenkins controller. Access to the chart in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier requires no permissions beyond the general Overall/Read, allowing users who are not administrators to view JVM memory usage data...

4.3CVSS5AI score0.01074EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/15 12:0 a.m.•9 views

CSRF vulnerability and missing permission checks in cloudbees-jenkins-advisor

cloudbees-jenkins-advisor 3.0 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to send an email with fixed content to an attacker-specified recipient. Additionally, these form validation methods do not require POST...

8.8CVSS6.4AI score0.00844EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/15 12:0 a.m.•6 views

CSRF vulnerability and missing permission checks in sounds allow OS command execution

sounds 0.5 and earlier does not perform permission checks in URLs performing form validation. This allows attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins. Additionally, these form validation URLs do not require POST requests, resulting in...

9.3CVSS8.3AI score0.01209EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/15 12:0 a.m.•11 views

XXE vulnerability in robot

robot 2.0.0 and earlier does not configure the XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the 'Publish Robot Framework' post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets fro...

8.8CVSS8.1AI score0.01382EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/15 12:0 a.m.•12 views

Reflected XSS vulnerability in gitlab-hook

gitlab-hook 1.4.2 and earlier does not escape project names in the buildnow endpoint. This results in a reflected cross-site scripting vulnerability. As of publication of this advisory, there is no fix...

6.1CVSS5.8AI score0.89434EPSS
Exploits5Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/15 12:0 a.m.•6 views

redgate-sql-ci stored credentials in plain text

redgate-sql-ci 2.0.4 and earlier stores a NuGet API key unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system. This is due to an incomplete fix of SECURITY-1598...

4.3CVSS5.1AI score0.00855EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/15 12:0 a.m.•8 views

CSRF vulnerability and missing permission checks in ec2

ec2 1.47 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. NOTE: This...

8.8CVSS7.8AI score0.01113EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•18 views

XXE vulnerability in m2release

m2release retrieves XML from Nexus repository manager APIs. m2release 0.16.1 and earlier does not configure the XML parser to prevent XML external entity XXE attacks. While Jenkins users without Overall/Administer permission are not allowed to configure a custom Nexus URL, this could still be...

8.8CVSS7.5AI score0.00969EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•6 views

CSRF vulnerability and missing permission checks in websphere-deployer

websphere-deployer 1.6.1 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to perform connection tests, determine whether files with an attacker-specified path exist on the Jenkins controller file system, and obtain...

8.8CVSS6.7AI score0.00691EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•6 views

Users with Overall/Read access can enumerate credential IDs in teamconcert

teamconcert 1.3.0 and earlier provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be...

4.3CVSS5.1AI score0.00647EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•7 views

CSRF vulnerability and missing permission checks in alauda-devops-pipeline allows capturing credentials

alauda-devops-pipeline 2.3.2 and earlier does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to Kubernetes-related paths on an attacker-specified web server using attacker-specified credentials IDs obtained...

8.8CVSS7AI score0.00852EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•8 views

CSRF vulnerability and missing permission checks in gerrit-trigger

gerrit-trigger 2.30.1 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to perform connection tests, connecting to an HTTP URL or SSH server using attacker-specified credentials, or determine whether files with an...

8.8CVSS6.7AI score0.00691EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•8 views

redgate-sql-ci stores credentials in plain text

redgate-sql-ci 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins controller as part of its build step configuration. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system. redgate-sql-ci 2.0.4...

6.5CVSS6.5AI score0.00852EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•8 views

SSL/TLS certificate validation globally and unconditionally disabled by websphere-deployer

websphere-deployer 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM, or specify a new Java keystore from a file stored on the Jenkins controller filesystem. As of publication of this advisory, ther...

7.1CVSS7AI score0.0051EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•9 views

Stored XSS vulnerability in buildgraph-view

buildgraph-view 1.8 and earlier does not escape the description of builds shown in its view. This results in a stored cross-site scripting vulnerability that can be exploited by users able to change the build description. As of publication of this advisory, there is no fix...

5.4CVSS5.3AI score0.00735EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•6 views

Stored XSS vulnerability in mission-control-view

mission-control-view 0.9.16 and earlier does not escape job display names and build names in the view it provides. This results in a stored cross-site scripting vulnerability that can be exploited by users able to change these properties. As of publication of this advisory, there is no fix...

5.4CVSS5.3AI score0.00688EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•10 views

CSRF vulnerability and missing permission checks in teamconcert allows capturing credentials

teamconcert 1.3.0 and earlier does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...

8.8CVSS6.9AI score0.00798EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•5 views

SCTMExecutor stores credentials in plain text

SCTMExecutor 2.2 and earlier stores Silk Central credentials in the global Jenkins configuration and in job config.xml files. While these credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form. This can result in exposure of these credential...

5.3CVSS5.4AI score0.00576EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•12 views

CSRF vulnerability in mantis

mantis 0.26 and earlier does not require POST requests on a connection test method, resulting in a CSRF vulnerability. This allows attackers to have Jenkins connect to Mantis-related paths on an attacker-specified web server using attacker-specified credentials. As of publication of this advisory...

4.3CVSS5.2AI score0.00679EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•8 views

SSL/TLS certificate validation globally and unconditionally disabled by inflectra-spira-integration

inflectra-spira-integration 3.2.3 and earlier unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM. inflectra-spira-integration 3.2.4 no longer disables SSL/TLS certificate validation...

8.2CVSS7.7AI score0.00592EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•8 views

CSRF vulnerability and missing permission checks in rapiddeploy-jenkins allow SSRF

rapiddeploy-jenkins 4.1 and earlier does not perform a permission check on form validation methods. This allows users with Overall/Read access to Jenkins to connect to RapidDeploy-related paths on an attacker-specified web server. Additionally, these form validation methods do not require POST...

8.8CVSS5.6AI score0.00714EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•8 views

weibo stores credentials in plain text

weibo 1.0.1 and earlier stores a credential unencrypted in its global configuration file org.jenkinsci.plugins.weibo.WeiboNotifier.xml on the Jenkins controller. This credential can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is ...

5.5CVSS5.1AI score0.0033EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•7 views

CSRF vulnerability in alauda-kubernetes-support

alauda-kubernetes-support 2.3.0 and earlier does not require POST requests on a connection test method, resulting in a CSRF vulnerability. This allows attackers to have Jenkins connect to Kubernetes-related paths on an attacker-specified web server using attacker-specified credentials IDs obtaine...

8.8CVSS7.1AI score0.00863EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•7 views

CSRF vulnerability and missing permission check in build-failure-analyzer allow ReDoS

build-failure-analyzer 1.24.1 and earlier does not perform a permission check in a method performing form validation. This allows users with Overall/Read access to supply a computationally expensive regular expression that will hang the request handling thread. Additionally, this form validation...

8.8CVSS6.3AI score0.01076EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•8 views

rundeck stored credentials in plain text

rundeck 3.6.5 and earlier stores credentials as part of its global configuration file org.jenkinsci.plugins.rundeck.RundeckNotifier.xml and job config.xml files on the Jenkins controller. These URLs could be viewed by users with Extended Read permission in the case of job config.xml files or acce...

6.5CVSS6.4AI score0.00852EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/12/17 12:0 a.m.•10 views

Stored XSS vulnerability in pipeline-aggregator-view

pipeline-aggregator-view 1.8 and earlier does not escape the information shown on the view it provides, such as stage names or job names. This results in a stored cross-site scripting vulnerability exploitable by users able to configure jobs, define pipeline stages, or otherwise affect the...

5.4CVSS5.4AI score0.00688EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/11/21 12:0 a.m.•10 views

Sandbox bypass vulnerability in script-security

Sandbox protection in script-security could be circumvented through closure default parameter expressions. This allowed attackers able to specify and run sandboxed scripts to execute arbitrary code in the context of the Jenkins controller JVM. These expressions are now subject to sandbox protecti...

8.8CVSS8.4AI score0.01428EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/11/21 12:0 a.m.•6 views

google-compute-engine disclosed environment information to users with Overall/Read permission

google-compute-engine did not verify permissions on multiple auto-complete API endpoints. This allowed users with Overall/Read permissions to view various metadata about the running cloud environment. google-compute-engine now requires the appropriate Job/Configure permission to view these metada...

4.3CVSS5AI score0.00691EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/11/21 12:0 a.m.•6 views

CSRF vulnerability in google-compute-engine allowed provisioning agents

google-compute-engine did not require POST requests on an API endpoint. This CSRF vulnerability allowed attackers to provision new agents. google-compute-engine now requires POST requests for this API endpoint...

8.8CVSS6.4AI score0.00691EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/11/21 12:0 a.m.•8 views

support-core allowed users with Overall/Read permission to delete arbitrary files

support-core did not validate the paths submitted for the "Delete Support Bundles" feature. This allowed users to delete arbitrary files on the Jenkins controller file system accessible to the OS user account running Jenkins. Additionally, this endpoint did not perform a permission check, allowin...

7.1CVSS6.7AI score0.01606EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/11/21 12:0 a.m.•8 views

Folder-scoped Jira sites in jira were able to access System-scoped credentials

jira allows the definition of per-folder Jira sites. The credentials lookup for this feature did not set the appropriate context, allowing the use of System-scoped credentials otherwise reserved for use in the global configuration. This allowed users with Item/Configure permission on the folder t...

9.9CVSS7.5AI score0.01647EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/11/21 12:0 a.m.•6 views

qmetry-for-jira-test-management stored credentials in plain text

qmetry-for-jira-test-management stored credentials unencrypted in job config.xml files on the Jenkins controller as part of its post-build step configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system...

8.8CVSS6.4AI score0.00833EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/11/21 12:0 a.m.•6 views

qmetry-for-jira-test-management shows plain text password in configuration form

qmetry-for-jira-test-management stores a credential as part of its post-build step configuration. While the password is stored encrypted on disk since qmetry-for-jira-test-management 1.13, it is transmitted in plain text as part of the configuration form. This can result in exposure of the passwo...

6.5CVSS5AI score0.00541EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/11/21 12:0 a.m.•7 views

inflectra-spira-integration stored credentials in plain text

inflectra-spira-integration stored a credential unencrypted in its global configuration file com.inflectra.spiratest.plugins.SpiraBuilder.xml on the Jenkins controller. This credential could be viewed by users with access to the Jenkins controller file system. inflectra-spira-integration now stor...

5.5CVSS5.7AI score0.00323EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/11/21 12:0 a.m.•8 views

anchore-container-scanner stored credentials in plain text

anchore-container-scanner stored an Anchore.io service password unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system. As the affected functionality has been...

6.5CVSS6.3AI score0.00852EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/11/21 12:0 a.m.•6 views

google-compute-engine did not verify SSH host keys

google-compute-engine did not use SSH host key verification when connecting to VMs launched by the plugin. This lack of verification could be abused by a MitM attacker to intercept these connections to attacker-specified build agents without warning. google-compute-engine now verifies SSH host ke...

6.8CVSS6.4AI score0.00868EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/10/23 12:0 a.m.•23 views

bitbucket-oauth stored credentials in plain text

bitbucket-oauth stored a credential unencrypted in the global config.xml configuration file on the Jenkins controller. This credential could be viewed by users with access to the Jenkins controller file system. bitbucket-oauth now stores this credential encrypted...

7.8CVSS7.3AI score0.00333EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/10/23 12:0 a.m.•8 views

Missing permission check in dynatrace-dashboard

dynatrace-dashboard does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to initiate a connection test to an attacker-specified server with attacker-specified username and password. As of publication of this advisory,...

6.5CVSS6.4AI score0.00836EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/10/23 12:0 a.m.•6 views

CSRF vulnerability and missing permission checks in kubernetes-ci allowed capturing credentials

kubernetes-ci does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

8.8CVSS7AI score0.00836EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/10/23 12:0 a.m.•7 views

Users with Overall/Read access could enumerate credential IDs in kubernetes-ci

kubernetes-ci provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be used as part of a...

6.5CVSS6.4AI score0.00836EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/10/23 12:0 a.m.•7 views

Reflected XSS vulnerability in build-metrics

build-metrics does not properly escape the label query parameter, resulting in a reflected cross-site scripting vulnerability. As of publication of this advisory, there is no fix...

6.1CVSS5.8AI score0.57735EPSS
Exploits5Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/10/23 12:0 a.m.•17 views

mattermost stored webhook endpoint token in plain text

Mattermost allows the definition of incoming from the perspective of the service webhook URLs. These contain what is effectively a secret token as part of the URL. mattermost stored these webhook URLs as part of its global configuration file jenkins.plugins.mattermost.MattermostNotifier.xml and j...

6.5CVSS6.5AI score0.00927EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/10/23 12:0 a.m.•9 views

zulip stored credentials in plain text

zulip stored a credential unencrypted in its global configuration file jenkins.plugins.zulip.ZulipNotifier.xml, as well as in the legacy configuration file hudson.plugins.humbug.HumbugNotifier.xml on the Jenkins controller. This credential could be viewed by users with access to the Jenkins...

7.8CVSS7.3AI score0.00333EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/10/23 12:0 a.m.•8 views

dynatrace-dashboard stored credentials in plain text

dynatrace-dashboard stored a credential unencrypted in its global configuration file com.dynatrace.jenkins.dashboard.TAGlobalConfiguration.xml on the Jenkins controller. This credential could be viewed by users with access to the Jenkins controller file system. dynatrace-dashboard now stores this...

7.8CVSS7.3AI score0.00333EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/10/23 12:0 a.m.•6 views

CSRF vulnerability in dynatrace-dashboard

dynatrace-dashboard did not require POST requests on a method implementing form validation. This CSRF vulnerability allowed attackers to initiate a connection test to an attacker-specified server with attacker-specified username and password. dynatrace-dashboard now requires POST requests for thi...

8.1CVSS7.8AI score0.007EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/10/23 12:0 a.m.•9 views

Users with Overall/Read access could enumerate credential IDs in libvirt-slave

libvirt-slave provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be used as part of a...

4.3CVSS5.1AI score0.00678EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/10/23 12:0 a.m.•9 views

CSRF vulnerability and missing permission checks in libvirt-slave allowed capturing credentials

libvirt-slave does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

8.8CVSS7AI score0.00836EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1464