Lucene search
K
JenkinsRecent

1464 matches found

Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•10 views

Sandbox Bypass in Script Security Plugin

Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. This affected an HTTP endpoint used to validate a user-submitted Groovy script that was not covered in the 2019-01-08 fix fo...

8.8CVSS8.5AI score0.19042EPSS
Exploits3Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•7 views

Sandbox Bypass via CSRF in Warnings Next Generation Plugin

Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to cross-site...

8.8CVSS8.4AI score0.01151EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•5 views

Recursive token expansion results in information disclosure and DoS in Token Macro Plugin

Token Macro Plugin recursively applied token expansion. This could be used by users able to affect input to token expansion such as change log messages, to inject additional tokens into the input, which would then be expanded, resulting in information disclosure for example values of environment...

8.1CVSS6.3AI score0.02039EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•5 views

CSRF vulnerability and missing permission checks in Job Import Plugin allowed capturing credentials

Job Import Plugin did not check user permissions on its API endpoint used to access remote Jenkins instances. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

8.8CVSS6.8AI score0.01023EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•6 views

CSRF vulnerability and missing permission checks in Kanboard Plugin allowed server-side request forgery

Kanboard Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to submit a GET request to an attacker-specified URL. Additionally, this form validation method did not require POST requests, resulting in a CSRF...

4.3CVSS5AI score0.00642EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/28 12:0 a.m.•6 views

Monitoring Plugin did not apply CSRF protection even if enabled in Jenkins

Monitoring Plugin provides a standalone JavaMelody servlet with an independent CSRF protection configuration. Even if Jenkins had CSRF protection enabled, Monitoring Plugin may not have it enabled. Monitoring Plugin now checks on startup whether Jenkins has CSRF protection enabled and enables its...

6.5CVSS6.5AI score0.00735EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/16 12:0 a.m.•5 views

Deleting a user in an external security realm did not invalidate their session or 'Remember me' cookie

When using an external security realm such as LDAP or Active Directory, deleting a user from the security realm does not result in the user losing access to Jenkins. While deleting the user record from Jenkins did invalidate the 'Remember me' cookie, there was no way to invalidate active sessions...

7.2CVSS6.3AI score0.01619EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/16 12:0 a.m.•6 views

Administrators could persist access to Jenkins using crafted 'Remember me' cookie

Users with the Overall/RunScripts permission typically administrators were able to use the Jenkins script console to craft a 'Remember me' cookie that would never expire. This allowed attackers access to a Jenkins instance while the corresponding user in the configured security realm exists, for...

7.2CVSS6.3AI score0.01545EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2019/01/08 12:0 a.m.•6 views

Sandbox Bypass in Script Security and Pipeline Plugins

Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with Overall/Re...

8.8CVSS7.3AI score0.98428EPSS
Exploits17Affected Software3
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/12/05 12:0 a.m.•6 views

Code execution through crafted URLs

Jenkins uses the Stapler web framework for HTTP request handling. Stapler's basic premise is that it uses reflective access to code elements matching its naming conventions. For example, any public method whose name starts with get, and that has a String, int, long, or no argument can be invoked...

10CVSS7.5AI score0.98481EPSS
Exploits5Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/12/05 12:0 a.m.•5 views

Forced migration of user records

The fix for SECURITY-499 introduced a mechanism that renamed user directories on disk as a user with an unsafe user name user ID is loaded. Insufficient input validation allowed attackers to rename such user directories even for users with a safe user name by submitting a crafted user name when...

8.2CVSS6.5AI score0.06762EPSS
Exploits1Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/12/05 12:0 a.m.•7 views

Workspace browser allowed accessing files outside the workspace

The file browser for workspaces, archived artifacts, and $JENKINSHOME/userContent/ followed symbolic links to locations outside the directory being browsed. While builds typically have access to the file system outside the workspace allocated by Jenkins, this should not extend to beyond the...

4.3CVSS5.8AI score0.01366EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/12/05 12:0 a.m.•6 views

Potential denial of service through cron expression form validation

The form validation for cron expressions e.g. "Poll SCM", "Build periodically" could enter infinite loops when cron expressions only matching certain rare dates were entered, blocking request handling threads indefinitely...

6.5CVSS6.2AI score0.02751EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/29 12:0 a.m.•8 views

Sandbox Bypass in Script Security and Pipeline Groovy Plugins

The Groovy Sandbox library used by Script Security Plugin and Pipeline Groovy Plugin did not apply sandbox restrictions to finalize methods. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection. Finalize methods are now prohibited in classes subject to...

8.8CVSS6.7AI score0.01639EPSS
Exploits0Affected Software2
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/10 12:0 a.m.•5 views

Path traversal vulnerability in Stapler allowed accessing internal data

A path traversal vulnerability in Stapler allowed viewing routable objects with views defined on any type. This could be used to access internal data of routable objects, commonly by showing their string representation toString...

6.5CVSS6.5AI score0.03256EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/10 12:0 a.m.•5 views

Session fixation vulnerability on user signup

When signing up for a new user account on instances using Jenkins' own user database, Jenkins did not invalidate the existing session and create a new one. This allowed session fixation. Jenkins now invalidates the existing session and creates a new one when logging in after user signup...

5.8CVSS6.3AI score0.01217EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/10 12:0 a.m.•5 views

Ephemeral user record creation

By accessing a specific crafted URL on Jenkins instances using Jenkins' own user database, users without Overall/Read access could create ephemeral user records. This behavior could be abused to create a large number of ephemeral user records in memory. Accessing this URL now no longer results in...

6.5CVSS6.5AI score0.0147EPSS
Exploits3Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/10 12:0 a.m.•6 views

Failures to process form submission data could result in secrets being displayed or written to logs

When Jenkins fails to process form submissions due to an internal error, the error message shown to the user and written to the log typically includes the serialized JSON form submission. Secrets, such as submitted passwords, might be included with the JSON object, and shown or written to disk in...

7.8CVSS6.7AI score0.00433EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/10 12:0 a.m.•5 views

Arbitrary file write vulnerability using file parameter definitions

Users with Job/Configure permission could specify a relative path escaping the base directory in the file name portion of a file parameter definition. This path would be used to archive the uploaded file on the Jenkins controller, resulting in an arbitrary file write vulnerability. File parameter...

6.5CVSS6.7AI score0.04021EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/10 12:0 a.m.•5 views

Reflected XSS vulnerability

The wrapper query parameter for the XML variant of the Jenkins remote API did not validate the specified tag name. This resulted in a reflected cross-site scripting vulnerability. Only legal XML tag names are now allowed for the wrapper query parameter...

6.1CVSS6.3AI score0.01534EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/10/10 12:0 a.m.•5 views

Ephemeral user record was created on some invalid authentication attempts

When attempting to authenticate using API token, an ephemeral user record was created to validate the token in case an external security realm was used, and the user record in Jenkins not previously saved, as legacy API tokens could exist without a persisted user record. This behavior could be...

7.5CVSS6.5AI score0.01673EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•7 views

Unprivileged users with Overall/Read access are able to enumerate credential IDs in Mesos Plugin

Mesos Plugin provides a list of applicable credential IDs to allow administrators configuring the Mesos cloud to select the one to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part ...

6.5CVSS6.5AI score0.01449EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

CSRF vulnerability in JUnit Plugin

A URL used to allow setting the description of a test object in JUnit Plugin did not require POST requests, resulting in a cross-site request forgery vulnerability. That URL now requires POST requests be sent...

6.5CVSS6.3AI score0.00809EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

CSRF vulnerability in Config File Provider Plugin

A URL used to save configuration files based on form submissions did not require POST requests, resulting in a CSRF vulnerability. This URL now requires POST requests...

8.1CVSS7.8AI score0.00835EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

CSRF vulnerability in Email Extension Template Plugin

Some URLs implementing form submission handling in Email Extension Template Plugin did not require POST requests, resulting in a CSRF vulnerability that allowed attackers to create or remove templates. These URLs now require POST requests...

8.1CVSS7.8AI score0.00788EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•7 views

SonarQube Scanner Plugin stored server authentication token in plain text

SonarQube Scanner Plugin stored a server authentication token unencrypted in its global configuration file on the Jenkins controller. This token could be viewed by users with access to the Jenkins controller file system. The plugin now stores the token encrypted in the configuration files on disk...

7.8CVSS7.4AI score0.00344EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•11 views

Stored XSS vulnerability in Git Changelog Plugin

Git Changelog Plugin did not escape the Git commit messages it displayed since version 1.48, resulting in a stored cross-site scripting XSS vulnerability exploitable by users with commit access to specific Git repositories. Git Changelog Plugin 2.7 and newer escape Git commit messages shown on th...

6.1CVSS5.9AI score0.00993EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•19 views

Unprivileged users with Overall/Read access are able to enumerate credential IDs in Argus Notifier Plugin

Argus Notifier Plugin provides a list of applicable credential IDs to allow administrators configuring the plugin to select the one to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as...

4.3CVSS5.4AI score
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•23 views

CSRF vulnerability and missing permission checks in Dimensions Plugin

Users with Overall/Read permission were able to access Dimensions Plugin's form validation URL, having it connect to an attacker-specified Dimensions system with attacker-specified credentials. Additionally, this form validation URL did not require POST requests, resulting in a CSRF vulnerability...

4.3CVSS5.3AI score
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•9 views

XML External Entity Processing Vulnerability in Monitoring Plugin

The JavaMelody library bundled in Monitoring Plugin is affected by an XML External Entity XXE processing vulnerability. This allows attacker to send crafted requests to a web application for extraction of secrets from the file system, server-side request forgery, or denial-of-service attacks...

9.8CVSS8.4AI score0.27873EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•7 views

Server-side request forgery vulnerability in Mesos Plugin

A missing permission check in a form validation method in Mesos Plugin allowed users with Overall/Read permission to initiate a connection test, connecting to an attacker-specified URL. Additionally, this form validation method did not require POST requests, resulting in a CSRF vulnerability. Thi...

6.5CVSS6.5AI score0.01293EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•7 views

Crowd 2 Integration Plugin stored credentials in plain text

Crowd 2 Integration Plugin stored the Crowd password unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now stores the password encrypted in the configuration files on disk an...

7.8CVSS7.4AI score0.00311EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

Artifactory Plugin stored old directly entered credentials unencrypted on disk

Artifactory Plugin 2.4.0 introduced support for securely storing credentials using the Credentials Plugin. Old, insecurely stored credentials however were not removed when switching to this new system. Artifactory Plugin 2.16.2 and newer remove obsolete credentials stored in plain text when using...

7.8CVSS7.4AI score0.00333EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•5 views

PAM Authentication Plugin did not properly validate user accounts

The pam4j library bundled in PAM Authentication Plugin had a bug that resulted in it not properly validating user accounts. The bundled version of the library was updated to include the fix for this...

6.5CVSS6.3AI score0.01511EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•12 views

Arachni Scanner Plugin stored credentials in plain text

Arachni Scanner Plugin stored its password unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now integrates with Credentials Plugin. Existing configurations are migrated...

3.3CVSS5.3AI score
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•15 views

CSRF vulnerability and missing permission checks in Argus Notifier Plugin allowed capturing credentials

Argus Notifier Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

4.2CVSS5.2AI score
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

CSRF vulnerability and missing permission checks in Chatter Notifier Plugin allowed capturing credentials

Chatter Notifier Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored...

4.2CVSS5.2AI score
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•9 views

Publish Over Dropbox Plugin stored credentials in plain text

Publish Over Dropbox Plugin stored authorization code and access code unencrypted in its global configuration file on the Jenkins controller. These secrets could be viewed by users with access to the Jenkins controller file system. Additionally, the authorization code was not masked from view usi...

3.3CVSS5.4AI score
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

CSRF vulnerability and missing permission checks in Jira Plugin allowed capturing credentials

Jira Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS6.3AI score0.01194EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•7 views

Stored XSS vulnerability in Config File Provider Plugin

Config File Provider Plugin did not escape configuration file metadata, resulting in a stored cross-site scripting XSS vulnerability. Config File Provider Plugin now escapes configuration file metadata shown on the Jenkins UI...

5.4CVSS5.4AI score0.00947EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•5 views

Unprivileged users with Overall/Read access are able to enumerate credential IDs in HipChat Plugin

HipChat Plugin provides a list of applicable credential IDs to allow administrators configuring the plugin to select the one to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of ...

6.5CVSS6.5AI score0.01641EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•5 views

Server-side request forgery vulnerability in Crowd 2 Integration Plugin

Crowd 2 Integration Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL with attacker-specified credentials and connection settings. Additionally, this form validation...

6.5CVSS6.5AI score0.00769EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•9 views

CSRF vulnerability and missing permission checks in MQ Notifier Plugin

Users with Overall/Read permission were able to access MQ Notifier Plugin's form validation URL, having it connect to an attacker-specified MQ system with attacker-specified credentials. Additionally, this form validation URL did not require POST requests, resulting in a CSRF vulnerability. The...

4.3CVSS5.3AI score
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•22 views

Stored XSS vulnerability in Metadata Plugin

A stored cross-site scripting XSS vulnerability in Metadata Plugin allows users with permission to change metadata definitions to insert arbitrary HTML/Javascript into Jenkins pages. As of publication of this advisory, there is no fix...

4.8CVSS5.1AI score
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•15 views

Unprivileged users with Overall/Read access are able to enumerate credential IDs in Chatter Notifier Plugin

Chatter Notifier Plugin provides a list of applicable credential IDs to allow users configuring the plugin's functionality to select the one to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be...

4.3CVSS5.4AI score
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•21 views

Dimensions Plugin stored credentials in plain text

Dimensions Plugin stored a password unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now stores the password encrypted in the configuration files on disk and no longer...

4.3CVSS5.3AI score
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•5 views

Stored XSS vulnerability in Rebuild Plugin

Rebuild Plugin did not escape parameter descriptions shown on the rebuild form page, resulting in a stored Cross-Site Scripting XSS vulnerability exploitable by users with the permission to configure jobs. Rebuild Plugin now applies the configured markup formatter to the parameter descriptions it...

5.4CVSS5.6AI score0.00622EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•7 views

Reflected XSS vulnerability in Job Config History Plugin

Job Config History Plugin did not escape some query parameters shown on its pages, resulting in a reflected cross-site scripting XSS vulnerability. Job Config History Plugin now globally applies variable escaping to its pages...

6.1CVSS5.8AI score0.00842EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•6 views

CSRF vulnerability and missing permission checks in HipChat Plugin allowed capturing credentials

HipChat Plugin did not perform permission checks on a method that sends test notifications. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified HipChat server using attacker-specified connection settings and credentials IDs obtained through another method,...

8.8CVSS7.9AI score0.01064EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2018/09/25 12:0 a.m.•13 views

Missing permission check in Metadata Plugin allows unauthorized users to change Metadata Plugin configuration

Metadata Plugin lacks a permission check that allows users with Overall/Read access to Jenkins to change the plugin's configuration. As of publication of this advisory, there is no fix...

6.5CVSS5.3AI score
Exploits0Affected Software1
Total number of security vulnerabilities1464