mabl-integration stores credentials in plain text
mabl-integration stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
sametime stores credentials in plain text
sametime stores credentials unencrypted in its global configuration file hudson.plugins.sametime.im.transport.SametimePublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
cloudcoreo-deploytime stores credentials in plain text
cloudcoreo-deploytime stores credentials unencrypted in its global configuration file com.cloudcoreo.plugins.jenkins.CloudCoreoBuildWrapper.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
deployhub stores credentials in plain text
deployhub stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin
Sandbox protection in the Script Security and Pipeline: Groovy Plugins could be circumvented through methods supporting type casts and type coercion. This allowed attackers to invoke constructors for arbitrary types. Script Security and Pipeline: Groovy have been hardened to prevent these methods...
XSS vulnerability in Lockable Resources Plugin
Lockable Resources Plugin did not properly escape resource names in generated JavaScript code, thus leading to a cross-site scripting (XSS) vulnerability. The plugin now properly escapes resource names in its scripts...
ECS Publisher Plugin stored and displayed API token in plain text
ECS Publisher Plugin stored the API token unencrypted in jobs' config.xml files and its global configuration file on the Jenkins controller. This token could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Additionally, the API token was not mask...
PRQA Plugin stored password in plain text
PRQA Plugin stored a password unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now stores the password encrypted in the configuration files on disk...
Unprivileged users with Overall/Read access were able to enumerate credential IDs in Arxan MAM Publisher Plugin
Arxan MAM Publisher Plugin provides a list of applicable credential IDs to allow administrators configuring the plugin to select the one to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credential IDs. Those could be used...
CSRF vulnerability and missing permission checks in Slack Notification Plugin allowed capturing credentials
Slack Notification Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credential IDs obtained through another method, capturing credentials stor...
SSRF vulnerability due to missing permission check in Fortify on Demand Uploader Plugin
A missing permission check in multiple form validation methods in Fortify on Demand Uploader Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server. Additionally, the form validation methods did not require POST requests, resulting in a CSR...
Codebeamer Test Results Trend Updater Plugin stored password in plain text
Codebeamer Test Results Trend Updater Plugin stored username and password in its configuration unencrypted in jobs' config.xml files on the Jenkins controller. This password could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. The plugin now...
Script security sandbox bypass in Groovy Plugin
Groovy Plugin supports sandboxed Groovy expressions for its "System Groovy" functionality. Its sandbox protection could be circumvented during parsing, compilation, and script instantiation by providing a crafted Groovy script. This affected both System Groovy script execution as well as an HTTP...
Unprivileged users with Overall/Read access are able to enumerate credential IDs in Azure VM Agents Plugin
Azure VM Agents Plugin provides a list of applicable credential IDs to allow administrators configuring the plugin to select the one to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credential IDs. Those could be used as...
AppDynamics Dashboard Plugin stored password in plain text
AppDynamics Dashboard Plugin stored username and password in its configuration unencrypted in jobs' config.xml files on the Jenkins controller. This password could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. While masked from view using a...
Rabbit-MQ Publisher Plugin stored password in plain text
Rabbit-MQ Publisher Plugin stored the username and password in its configuration unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now stores the password encrypted in the...
OSF Builder Suite For Salesforce Commerce Cloud :: Deploy Plugin stored password in plain text
OSF Builder Suite For Salesforce Commerce Cloud :: Deploy Plugin stored the HTTP proxy username and password in its configuration unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The...
Sandbox bypass in Pipeline: Groovy Plugin
Pipeline: Groovy sandbox protection could be circumvented during parsing, compilation, and script instantiation by providing a crafted Groovy script. This allowed users able to control the contents of a pipeline to bypass the sandbox protection and execute arbitrary code on the Jenkins controller...
SSRF and data modification vulnerability due to missing permission check in Bitbar Run-in-Cloud
A missing permission check in a method performing both form validation and saving new configuration in Bitbar Run-in-Cloud Plugin allowed users with Overall/Read permission to have Jenkins connect to an attacker-specified host with attacker-specified credentials, and, if successful, save that as...
Sandbox bypass in Script Security Plugin
Script Security sandbox protection could be circumvented during parsing, compilation, and script instantiation by providing a crafted Groovy script. Script Security Plugin now also applies sandbox protection during these phases. This affected both script execution typically invoked from othe...
Script security sandbox bypass in Matrix Project Plugin
Matrix Project Plugin supports a sandboxed Groovy expression to filter matrix combinations. Its sandbox protection could be circumvented during parsing, compilation, and script instantiation by providing a crafted Groovy script. This allowed users able to configure a Matrix project to bypass the...
Script security sandbox bypass in Email Extension Plugin
Email Extension Plugin supports sandboxed Groovy expressions for multiple features. Its sandbox protection could be circumvented during parsing, compilation, and script instantiation by providing a crafted Groovy script. This allowed users able to control the plugin's job-specific configuration t...
Script security sandbox bypass in Job DSL Plugin
Job DSL Plugin supports sandboxed Groovy expressions for Job DSL definitions. Its sandbox protection could be circumvented during parsing, compilation, and script instantiation by providing a crafted Groovy script. This allowed users able to control the Job DSL scripts to bypass the sandbox...
Information disclosure in Azure VM Agents Plugin
A missing permission check in a form validation method in Azure VM Agents Plugin allowed users with Overall/Read access to verify a submitted configuration, obtaining limited information about the Azure account and configuration. Additionally, this form validation method did not require POST...
Missing permission check in Azure VM Agents Plugin allowed modifying VM configuration
A missing permission check in an HTTP endpoint allowed users with Overall/Read access to attach a public IP address to an Azure VM in Azure VM Agents Plugin, making a virtual machine publicly accessible. Additionally, this form validation method did not require POST requests, resulting in a CSRF...
Repository Connector Plugin stored password in plain text
Repository Connector Plugin stored the username and password in its configuration unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now stores the password encrypted in the...
Missing permission check allowed connecting to RabbitMQ in Rabbit-MQ Publisher Plugin
A missing permission check in a form validation method of Rabbit-MQ Publisher Plugin allowed users with Overall/Read access to have Jenkins initiate a RabbitMQ connection to an attacker-specified host and port with an attacker-specified username and password. Additionally, this form validation...
Sandbox Bypasses in Script Security Plugin
The previously implemented script security sandbox protections prohibiting the use of unsafe AST transforming annotations such as @Grab (2019-01-08 fix for SECURITY-1266) could be circumvented through use of various Groovy language features: use of AnnotationCollector, import aliasing, referencing...
CSRF vulnerability and missing permission checks in Cloud Foundry Plugin allowed capturing credentials
Cloud Foundry Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credential IDs obtained through another method, capturing credentials stored in...
ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation
ElectricFlow Plugin unconditionally disabled SSL/TLS certificate validation for the entire Jenkins controller JVM. ElectricFlow Plugin 1.1.5 and newer no longer do that...
SSRF vulnerability due to missing permission check in Mattermost Notification Plugin
A missing permission check in a form validation method in Mattermost Notification Plugin allowed users with Overall/Read permission to initiate a connection test, connecting to an attacker-specified Mattermost server and room and posting a message. Additionally, this form validation method did no...
SSRF vulnerability due to missing permission check in OctopusDeploy Plugin
A missing permission check in a form validation method in OctopusDeploy Plugin allowed users with Overall/Read permission to initiate a connection test, sending an HTTP HEAD request to an attacker-specified URL and returning the HTTP response code if successful, or the exception error message otherwise...
SSRF vulnerability due to missing permission check in JMS Messaging Plugin
A missing permission check in a form validation method in JMS Messaging Plugin allowed users with Overall/Read permission to initiate a connection test, sending an HTTP request to an attacker-specified URL. Additionally, this form validation method did not require POST requests, resulting in a CS...
Acunetix Plugin stored API key in plain text
Acunetix Plugin stored the API Key in its configuration unencrypted in its global configuration file on the Jenkins controller. This key could be viewed by users with access to the Jenkins controller file system. The plugin now integrates with Credentials Plugin...
SSRF vulnerability due to missing permission check in Acunetix Plugin
A missing permission check in a form validation method in Acunetix Plugin allowed users with Overall/Read permission to initiate a connection test, sending an HTTP GET request to an attacker-specified URL, adding a /me suffix, returning whether the connection could be established and whether the...
Arxan MAM Publisher Plugin stored password in plain text
Arxan MAM Publisher Plugin stored the username and password connection credentials in its configuration unencrypted in jobs' config.xml files on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. While masked...
Sandbox Bypass in Script Security Plugin
Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. This affected an HTTP endpoint used to validate a user-submitted Groovy script that was not covered in the 2019-01-08 fix fo...
Sandbox Bypass in Groovy Plugin
Groovy Plugin has a form validation HTTP endpoint used to validate a user-submitted Groovy script through compilation, which was not subject to sandbox protection. This allowed attackers with Overall/Read access to execute arbitrary code on the Jenkins controller by applying AST transforming...
Sandbox Bypass via CSRF in Warnings Plugin
Warnings Plugin has a form validation HTTP endpoint used to validate a user-submitted Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to cross-site...
Improper certificate validation with StartTLS in Active Directory Plugin
Active Directory Plugin performs a TLS upgrade (StartTLS) after connecting to domain controllers through insecure LDAP. In this mode, certificates were not properly validated, effectively trusting all certificates, allowing man-in-the-middle attacks. This only affected TLS upgrades. The LDAPS mode,...
Blue Ocean did not require CSRF tokens
Blue Ocean did not require CSRF tokens ("crumbs") for POST requests with the Content-Type: application/json. Blue Ocean now requires that valid CSRF tokens are present in POST requests...
XSS vulnerability via user description in Blue Ocean
Blue Ocean did not properly escape HTML/JavaScript content set on the current user's description field, resulting in a cross-site scripting vulnerability exploitable by administrators and other people accessing Jenkins with the same user account. Blue Ocean now properly escapes HTML/JavaScript...
XSS vulnerability in Config File Provider Plugin
Config File Provider Plugin improperly handled script names in its JavaScript-based UI, resulting in a stored cross-site scripting (XSS) vulnerability. Config File Provider Plugin now properly handles script names...
OpenId Connect Authentication Plugin showed plain text client secret in configuration form
OpenId Connect Authentication Plugin stores the client secret in the global Jenkins configuration. While the client secret is stored encrypted on disk, it was transmitted in plain text as part of the configuration form and displayed without masking. This could result in exposure of the client...
Clickjacking vulnerability in Monitoring Plugin
Monitoring Plugin did not set the X-Frame-Options header, allowing its pages to be embedded. This could result in clickjacking attacks. Monitoring Plugin now sets the X-Frame-Options header to sameorigin, preventing embedding...
Sandbox Bypass via CSRF in Warnings Next Generation Plugin
Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to cross-site...
CSRF vulnerability in Git Plugin
Git Plugin allows the creation of a tag in a job workspace's Git repository with accompanying metadata attached to a build record. The HTTP endpoint to create the tag did not require POST requests, resulting in a CSRF vulnerability. The HTTP endpoint to create the tag now requires that requests a...
XXE vulnerability in Job Import Plugin
Job Import Plugin allows importing jobs from other Jenkins instances. As a first step in this process, Job Import Plugin sends a request to another Jenkins instance, parsing XML REST API output to obtain a list of jobs that could be imported. Job Import Plugin did not configure the XML parser in ...
CSRF vulnerability and missing permission checks in Job Import Plugin allowed capturing credentials
Job Import Plugin did not check user permissions on its API endpoint used to access remote Jenkins instances. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credential IDs obtained through another method, capturing...
GitHub Authentication Plugin showed plain text client secret in configuration form
GitHub Authentication Plugin stores the client secret in the global Jenkins configuration. While the client secret is stored encrypted on disk, it was transmitted in plain text as part of the configuration form and displayed without masking. This could result in exposure of the client secret...