Lucene search
K
JenkinsRecent

1464 matches found

Jenkins Security Advisories
Jenkins Security Advisories
added 2023/12/13 12:0 a.m.5 views

Open redirect vulnerability in oic-auth

oic-auth 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful authentication. As of publication o...

6.1CVSS6AI score0.006EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/12/13 12:0 a.m.6 views

Tokens stored and displayed in plain text by dingding-json-pusher

dingding-json-pusher 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the job...

4.3CVSS5AI score0.00347EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/12/13 12:0 a.m.6 views

CSRF vulnerability in htmlresource allows deleting arbitrary files

htmlresource 1.02 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to delete arbitrary files on the Jenkins controller file system. As of publication of this advisory, there is no fix...

8.8CVSS7.8AI score0.00493EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/12/13 12:0 a.m.5 views

CSRF vulnerability in ec2-deployment-dashboard

ec2-deployment-dashboard 1.0.10 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to copy jobs. As of publication of this advisory, there is no fix. Learn why we announce this...

4.3CVSS5AI score0.00338EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/11/29 12:0 a.m.4 views

Incorrect permission checks in google-compute-engine

google-compute-engine 4.550.vb327fca3db11 and earlier does not correctly perform permission checks in multiple HTTP endpoints. This allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to do the following: Enumerate system-scoped...

4.3CVSS4.8AI score0.00531EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/11/29 12:0 a.m.6 views

CSRF vulnerabilities and missing permission checks in matlab allow XXE

matlab determines whether a user-specified directory on the Jenkins controller is the location of a MATLAB installation by parsing an XML file in that directory. matlab 2.11.0 and earlier does not perform permission checks in several HTTP endpoints implementing related form validation...

9.8CVSS8.3AI score0.00844EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/11/29 12:0 a.m.5 views

Exposure of system-scoped credentials in jira

jira 3.11 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. jira...

6.5CVSS5.6AI score0.0061EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/11/29 12:0 a.m.5 views

CSRF vulnerability and missing permission checks in neuvector-vulnerability-scanner

neuvector-vulnerability-scanner 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, this HTTP...

8.8CVSS6.2AI score0.00479EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/10/25 12:0 a.m.7 views

Stored XSS vulnerability in github

github 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. github 1.37.3.1 escapes GitHub project URL on the build page when showi...

8CVSS5.3AI score0.00606EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/10/25 12:0 a.m.14 views

Exposure of system-scoped credentials in warnings-ng

warnings-ng 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are not entitled t...

6.5CVSS6.1AI score0.00606EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/10/25 12:0 a.m.5 views

Missing permission check in lambdatest-automation allows enumerating credentials IDs

lambdatest-automation 1.20.9 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...

4.3CVSS5.1AI score0.00394EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/10/25 12:0 a.m.6 views

Exposure of token through logs in lambdatest-automation

lambdatest-automation 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level. This can result in accidental exposure of the token through the default system log. lambdatest-automation 1.21.0 no longer logs LAMBDATEST Credentials access token...

6.5CVSS5.2AI score0.00363EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/10/25 12:0 a.m.4 views

Arbitrary file deletion vulnerability in electricflow

In electricflow, artifacts that were previously copied from an agent to the controller are deleted after publishing by the 'CloudBees CD - Publish Artifact' post-build step. electricflow 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during this cleanup...

8.1CVSS7.6AI score0.0135EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/10/25 12:0 a.m.6 views

Arbitrary file read vulnerability in electricflow

electricflow temporarily copies files from an agent workspace to the controller in preparation for publishing them in the 'CloudBees CD - Publish Artifact' post-build step. electricflow 1.1.32 and earlier follows symbolic links to locations outside of the temporary directory on the controller whe...

6.5CVSS6.6AI score0.01159EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/10/25 12:0 a.m.4 views

Non-constant time webhook token comparison in multibranch-scan-webhook-trigger

multibranch-scan-webhook-trigger 1.0.9 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory...

5.3CVSS5.1AI score0.00557EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/10/25 12:0 a.m.5 views

Non-constant time webhook token comparison in teams-webhook-trigger

teams-webhook-trigger 0.1.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, there is ...

5.3CVSS5.1AI score0.00569EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/10/25 12:0 a.m.6 views

Non-constant time webhook token comparison in gogs-webhook

gogs-webhook 1.0.15 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, there is no fix...

5.3CVSS5.1AI score0.00569EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/10/25 12:0 a.m.5 views

Stored XSS vulnerability in trac

trac 1.13 and earlier does not escape the Trac website URL on the build page. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix. Learn why we announce this...

8CVSS5.3AI score0.00459EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/10/25 12:0 a.m.6 views

Non-constant time webhook token hash comparison in zanata

zanata 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, there is no fix...

5.3CVSS5.7AI score0.00462EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/10/18 12:0 a.m.5 views

HTTP/2 denial of service vulnerabilities in bundled Jetty

Jenkins bundles Winstone-Jetty, a wrapper around Jetty, to act as HTTP and servlet server when started using java -jar jenkins.war. This is how Jenkins is run when using any of the installers or packages, but not when run using servlet containers such as Tomcat. Jenkins 2.427 and earlier, LTS...

7.5CVSS7.1AI score0.99999EPSS
Exploits20Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/20 12:0 a.m.6 views

Stored XSS vulnerability

ExpandableDetailsNote allows annotating build log content with additional information that can be revealed when interacted with. Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote. This results in a stored...

8CVSS5.9AI score0.00883EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/20 12:0 a.m.4 views

Temporary plugin file created with insecure permissions

Jenkins creates a temporary file when a plugin is deployed directly from a URL. Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates this temporary file in the system temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they m...

8.8CVSS7.8AI score0.00944EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/20 12:0 a.m.4 views

Temporary uploaded file created with insecure permissions

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, uploaded files processed via the Stapler web framework and the Jenkins API MultipartFormDataParser create temporary files in the system temporary directory with the default permissions for newly created files. If these permissions are overly...

8.1CVSS7.5AI score0.008EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/20 12:0 a.m.4 views

Stored XSS vulnerability in build-failure-analyzer

build-failure-analyzer 2.4.1 and earlier does not escape Failure Cause names in build logs. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes. build-failure-analyzer 2.4.2 escapes Failure Cause names in build logs...

8CVSS5.3AI score0.00521EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/20 12:0 a.m.42 views

CSRF vulnerability and missing permission check in build-failure-analyzer allow SSRF

build-failure-analyzer 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, this HTTP endpoin...

8.8CVSS6.8AI score0.00504EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/20 12:0 a.m.25 views

CSRF vulnerability in build-failure-analyzer allows deleting Failure Causes

build-failure-analyzer 2.4.1 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to delete Failure Causes. build-failure-analyzer 2.4.2 requires POST requests for the affected HTTP...

4.3CVSS4.9AI score0.00339EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/20 12:0 a.m.4 views

Builds can be filtered by values of sensitive build variables

Jenkins allows filtering builds in the build history widget by specifying an expression that searches for matching builds by name, description, parameter values, etc. Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables...

4.3CVSS6.1AI score0.03388EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.6 views

Path traversal allows exploiting XSS vulnerability in jobConfigHistory

jobConfigHistory 1227.v7a79fc4dc01f and earlier does not restrict a name query parameter when rendering a history entry. This allows attackers to have Jenkins render a manipulated configuration history that was not created by the plugin. The history view does not property sanitize or escape the...

8CVSS5AI score0.0076EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.21 views

Path traversal allows exploiting XXE vulnerability in jobConfigHistory

jobConfigHistory 1227.v7a79fc4dc01f and earlier does not restrict timestamp query parameters in multiple endpoints. This allows attackers with Job Config History/DeleteEntry permission to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file...

8.8CVSS7.1AI score0.0075EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.4 views

Non-constant time nonce comparison in azure-ad

azure-ad 396.v86ce29279947 and earlier, except 378.380.v545b1154b3fb, does not use a constant-time comparison when checking whether the provided and expected CSRF protection nonce are equal. This could potentially allow attackers to use statistical methods to obtain a valid nonce. azure-ad...

7.5CVSS7.3AI score0.00676EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.6 views

Incorrect permission checks in qualys-cs

qualys-cs 1.6.2.6 and earlier does not correctly perform a permission check in multiple HTTP endpoints. This allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to do the following: Enumerate credentials IDs of credentials stored in...

7.1CVSS5.1AI score0.00317EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.8 views

CSRF vulnerability and missing permission check in aws-codecommit-trigger

aws-codecommit-trigger 3.0.12 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to clear the SQS queue. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery CSRF vulnerability. A...

6.5CVSS5.4AI score0.00533EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.5 views

Disabled permissions granted by assembla-auth

assembla-auth provides an authorization strategy that defines four levels of access to Jenkins, based on the corresponding permissions in Assembla spaces: ALL, EDIT, VIEW, and NONE. assembla-auth 1.14 and earlier does not verify that the permissions it grants are enabled. This results in users wi...

8.8CVSS8.5AI score0.00551EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.6 views

Improper masking of credentials in pipeline-maven

pipeline-maven integrates with https://plugins.jenkins.io/config-file-provider/Config File Provider Plugin to specify custom Maven settings, including credentials for authentication. pipeline-maven 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of...

5.3CVSS5.7AI score0.00544EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.4 views

Non-constant time token comparison in google-login

google-login 1.7 and earlier does not use a constant-time comparison when checking whether the provided and expected token are equal. This could potentially allow attackers to use statistical methods to obtain a valid token. google-login 1.8 uses a constant-time comparison when validating the tok...

7.5CVSS7.3AI score0.00676EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.5 views

SSRF vulnerability in bitbucket-push-and-pull-request allows capturing credentials

bitbucket-push-and-pull-request provides a webhook endpoint at /bitbucket-hook/ to receive webhook notifications. When acting on these notifications, bitbucket-push-and-pull-request 2.4.0 through 2.8.3 both inclusive trusts values provided in the webhook payload, including certain URLs, and uses...

7.5CVSS7.3AI score0.00566EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.4 views

XXE vulnerability in ivy

ivy 2.5 and earlier bundles versions of Apache Ivy vulnerable to CVE-2022-46751. This allows attackers able to control the input file for the "Trigger the build of other projects based on the Ivy dependency management system" post-build step to have Jenkins parse a crafted XML document that uses...

8.2CVSS7.5AI score0.01855EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.5 views

CSRF vulnerability in ivy

ivy 2.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to delete disabled modules. As of publication of this advisory, there is no fix. Learn why we announce this...

6.5CVSS6.3AI score0.00309EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.6 views

Disabled permissions can be granted by ssh2easy

ssh2easy 1.4 and earlier does not verify that permissions configured to be granted are enabled. This may allow users formerly granted typically optional permissions, like Overall/Manage to access functionality they're no longer entitled to. NOTE: As a workaround, administrators can save the...

8.8CVSS7.8AI score0.00551EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.6 views

Stored XSS vulnerability in tap

tap 2.3 and earlier does not escape TAP file contents. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control TAP file contents. As of publication of this advisory, there is no fix. Learn why we announce this...

8CVSS5.3AI score0.00542EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.6 views

Missing permission check in aws-codecommit-trigger allows enumerating credentials IDs

aws-codecommit-trigger 3.0.12 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.3CVSS5.1AI score0.00371EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.4 views

HTML injection vulnerability in aws-codecommit-trigger

aws-codecommit-trigger 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message. This results in an HTML injection vulnerability. NOTE: Since Jenkins 2.275 and LTS 2.263.2, a security hardening for form validation responses...

6.1CVSS6.1AI score0.00435EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/09/06 12:0 a.m.6 views

CSRF vulnerability and missing permission checks in frugal-testing

frugal-testing 1.1 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to do the following: Connect to Frugal Testing using attacker-specified username and password. Retrieve test IDs and names from Frugal Testing, if a vali...

5.4CVSS4.9AI score0.00371EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/08/16 12:0 a.m.6 views

CSRF vulnerability in cloudbees-folder

cloudbees-folder 6.846.v23698686f0f6 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to copy a view inside a folder. cloudbees-folder 6.848.ve3bfd7839a81 requires POST requests for t...

4.3CVSS4.9AI score0.00331EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/08/16 12:0 a.m.7 views

Information disclosure in cloudbees-folder

cloudbees-folder displays an error message when attempting to access the Scan Organization Folder Log if no logs are available. In cloudbees-folder 6.846.v23698686f0f6 and earlier, this error message includes the absolute path of a log file, exposing information about the Jenkins controller file...

4.3CVSS5AI score0.00533EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/08/16 12:0 a.m.10 views

Improper masking of credentials in nodejs

nodejs integrates with https://plugins.jenkins.io/config-file-provider/Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in a Npm config file. nodejs 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in...

7.5CVSS7.3AI score0.0053EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/08/16 12:0 a.m.5 views

CSRF vulnerability in blueocean allows capturing credentials

blueocean 1.27.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. This...

8.8CVSS7.8AI score0.00537EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/08/16 12:0 a.m.5 views

HTML injection vulnerability in fortify

fortify 22.1.38 and earlier does not escape the error message for a form validation method. This results in an HTML injection vulnerability. NOTE: Since Jenkins 2.275 and LTS 2.263.2, a security hardening for form validation responses prevents JavaScript execution, so no scripts can be injected...

6.1CVSS6.1AI score0.00411EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/08/16 12:0 a.m.6 views

Stored XSS vulnerability in flaky-test-handler

flaky-test-handler 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control JUnit report file contents. flaky-test-handler 1.2.3 escapes JUnit test contents...

8CVSS5.3AI score0.00521EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
added 2023/08/16 12:0 a.m.4 views

Non-constant time token comparison in tuleap-oauth

tuleap-oauth 1.1.20 and earlier does not use a constant-time comparison when checking whether two authentication tokens are equal. This could potentially allow attackers to use statistical methods to obtain a valid authentication token. tuleap-oauth 1.1.21 uses a constant-time comparison when...

5.9CVSS6AI score0.00494EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1464