Lucene search
K
JenkinsRecent

1464 matches found

Jenkins Security Advisories
Jenkins Security Advisories
•added 2023/01/24 12:0 a.m.•4 views

Missing permission checks in cisco-spark-notifier allow enumerating credentials IDs

cisco-spark-notifier 1.1.1 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.3CVSS5AI score0.00584EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2023/01/24 12:0 a.m.•4 views

CSRF vulnerability and missing permission check in BearyChat

BearyChat 3.0.2 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests, resulting in a cross-site...

8.8CVSS6.9AI score0.00717EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2023/01/24 12:0 a.m.•8 views

Password stored in plain text by testquality-updater

testquality-updater 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file com.testquality.jenkins.TestQualityNotifier.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controll...

5.5CVSS5.6AI score0.00203EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2023/01/24 12:0 a.m.•6 views

Path traversal vulnerability in visualexpert

visualexpert 1.3 and earlier does not restrict the names of files in methods implementing form validation. This allows attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. As of publication of this advisory,...

4.3CVSS5.1AI score0.01187EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/12/07 12:0 a.m.•4 views

XXE vulnerability in plot

plot 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control XML input files for the 'Plot build data' build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the...

9.8CVSS8.5AI score0.00947EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/12/07 12:0 a.m.•5 views

Open redirect vulnerability in google-login

google-login 1.4 through 1.6 both inclusive improperly determines that a redirect URL after login is legitimately pointing to Jenkins. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful authentication...

6.1CVSS6AI score0.00529EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/12/07 12:0 a.m.•9 views

Stored XSS vulnerability in checkmarx

checkmarx processes Checkmarx service API responses and generates HTML reports from them for rendering on the Jenkins UI. checkmarx 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports. This results in a stored cross-site...

7.5CVSS5.3AI score0.00456EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/12/07 12:0 a.m.•7 views

Improper credentials masking in gitea

gitea support authentication with Gitea personal access tokens. In gitea 1.4.4 and earlier, the implementation of these tokens did not support credentials masking. This can expose Gitea personal access tokens in the build log, e.g., when printed as part of repository URLs. gitea 1.4.5 adds suppor...

4.3CVSS5.1AI score0.00332EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/12/07 12:0 a.m.•5 views

Stored XSS vulnerability in custom-build-properties

custom-build-properties 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to set or change these values...

8CVSS5.4AI score0.00456EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/12/07 12:0 a.m.•4 views

Stored XSS vulnerability in spring-config

spring-config 2.0.0 and earlier does not escape build display names shown on the Spring Config view. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names. spring-config 2.0.1 escapes build display names shown on the Spring...

8CVSS5.4AI score0.00456EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/12/07 12:0 a.m.•4 views

CSRF vulnerability in sonar-gerrit

sonar-gerrit 377.v8f3808963dc5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified...

6.5CVSS6.4AI score0.00429EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•5 views

Whole-script approval in script-security vulnerable to SHA-1 collisions

script-security 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the https://en.wikipedia.org/wiki/SHA-1SHA-1 hash of the approved script. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest. script-security 1190.v65867aa47126 uses...

8CVSS7.5AI score0.00468EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•11 views

CSRF vulnerability and missing permission check in delete-log-plugin

delete-log-plugin 1.0 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Item/Read permission to delete build logs. Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery CSRF vulnerability. As of...

4.3CVSS4.9AI score0.00531EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•7 views

XXE vulnerability on agents in cccc

cccc 0.6 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control the contents of the report file for the 'Publish CCCC Report' post-build step to have agent processes parse a crafted file that uses external entities for...

9.8CVSS8.6AI score0.01057EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•4 views

XXE vulnerability on agents in sourcemonitor

sourcemonitor 0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control XML input files for the 'Publish SourceMonitor results' post-build step to have agent processes parse a crafted file that uses external entities for...

9.8CVSS8.6AI score0.00961EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•4 views

XXE vulnerability on agents in OSF Builder Suite : : XML Linter

OSF Builder Suite : : XML Linter 1.0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control XML files that get processed by the 'OSF Builder Suite : : XML Linter' build step to have agent processes parse a crafted file tha...

9.8CVSS8.6AI score0.00961EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•5 views

CSRF vulnerability and missing permission check in cluster-stats

cluster-stats 0.4.6 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to delete recorded Jenkins Cluster Statistics. Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery CSR...

4.3CVSS4.9AI score0.00531EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•5 views

XXE vulnerability in japex

japex 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control XML input files for the 'Record Japex test report' post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets...

9.8CVSS8.4AI score0.01057EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•10 views

Stored XSS vulnerability in associated-files

associated-files 0.2.1 and earlier does not escape names of associated files. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix. Learn why we announce this...

8CVSS5.3AI score0.00589EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•4 views

Stored XSS vulnerability in junit

junit 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links. This is done in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. junit 1160.vf1f01aaeab7f no longer converts UR...

8CVSS5.3AI score0.00617EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•4 views

Password stored in plain text by reverse-proxy-auth-plugin

reverse-proxy-auth-plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller as part of its configuration. This password can be viewed by attackers with access to the Jenkins controller file system. reverse-proxy-auth-plugin 1.7....

6.5CVSS6.4AI score0.00649EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•5 views

Passwords stored in plain text by cavisson-ns-nd-integration

cavisson-ns-nd-integration 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These passwords can be viewed by attackers with Item/Extended Read permission or access to the Jenkins controller file system...

6.5CVSS6.4AI score0.00636EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•9 views

SSL/TLS certificate validation globally and unconditionally disabled by cavisson-ns-nd-integration

cavisson-ns-nd-integration 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. cavisson-ns-nd-integration 4.8.0.146 no longer disables SSL/TLS certificate and hostname validation globally...

7.5CVSS7.2AI score0.00396EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•5 views

XXE vulnerability on agents in violations

violations 0.7.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers to to control XML input files for the 'Report Violations' post-build step to have agent processes parse a crafted file that uses external entities for extraction of...

5.5CVSS6AI score0.00262EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•7 views

Remote code execution vulnerability in pipeline-utility-steps

pipeline-utility-steps implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. pipeline-utility-steps 2.13.0 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this library with t...

9.8CVSS7.8AI score0.42646EPSS
Exploits3Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•6 views

Incorrect permission checks in support-core

support-core defines the permission Support/DownloadBundle that allows users without Overall/Administer permission to create and download support bundles containing a limited set of diagnostic information. support-core 1206.v14049fabd860 and earlier does not correctly perform permission checks in...

6.5CVSS6.4AI score0.00649EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•8 views

Stored XSS vulnerability in BART

BART 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix. Learn why we...

8CVSS5.3AI score0.00602EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•6 views

Arbitrary file read vulnerability in Config Rotator

Config Rotator 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint. This allows unauthenticated attackers to read arbitrary files with .xml extension on the Jenkins controller file system. As of publication of this advisory, there is no fix. Learn why we announce...

7.5CVSS7.4AI score0.01061EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•5 views

Lack of authentication mechanism for webhook in xpdev

xpdev provides a webhook endpoint at /xpdev-webhook that can be used to trigger builds configured to use a specified repository. In xpdev 1.0 and earlier, this endpoint can be accessed without authentication. This allows unauthenticated attackers to trigger builds of jobs corresponding to an...

5.3CVSS5.6AI score0.00614EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•4 views

Arbitrary file read vulnerability in pipeline-utility-steps

pipeline-utility-steps implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. pipeline-utility-steps 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this library that...

8.1CVSS7.8AI score0.01328EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•6 views

Stored XSS vulnerability in naginator

naginator 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to edit build display names. naginator 1.18.2 escapes display names of source...

8CVSS5.3AI score0.00589EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•4 views

Lack of authentication mechanism for webhook in dockerhub-notification

dockerhub-notification provides several webhook endpoints that can be used to trigger builds when Docker images used by a job have been rebuilt. In dockerhub-notification 2.6.2 and earlier, these endpoints can be accessed without authentication. This allows unauthenticated attackers to trigger...

7.5CVSS7.3AI score0.00566EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•6 views

SSL/TLS certificate validation unconditionally disabled by cavisson-ns-nd-integration

cavisson-ns-nd-integration 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. As of publication of this advisory, there is no fix. Learn why we announce this...

7.5CVSS7.2AI score0.00396EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/11/15 12:0 a.m.•10 views

Missing permission check in loaderio-jenkins-plugin allows enumerating credentials IDs

loaderio-jenkins-plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.3CVSS5.1AI score0.00522EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•4 views

CSRF protection for any URL can be bypassed in pipeline-input-step

pipeline-input-step 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the input step. This ID is used for the URLs that process user interactions for the given input step proceed or abort and is not correctly encoded. This allows attackers able to configur...

8.8CVSS7.8AI score0.00493EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•15 views

Stored XSS vulnerability in workflow-support

workflow-support provides a feature to add hyperlinks, that send POST requests when clicked, to build logs. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, or by Pipeline: Job Plugin to allow users to forcibly terminate the build after aborting it...

8CVSS5.5AI score0.00655EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•4 views

Non-constant time webhook token comparison in generic-webhook-trigger

generic-webhook-trigger 1.84.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. generic-webhook-trigger 1.84.2 uses a...

5.3CVSS5.7AI score0.00501EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•4 views

Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin

Pipeline: Groovy Libraries Plugin and older releases of the Pipeline: Deprecated Groovy Libraries Plugin formerly Pipeline: Shared Groovy Libraries Plugin define the library Pipeline step, which allows Pipeline authors to dynamically load Pipeline libraries. The return value of this step can be...

9.9CVSS8.6AI score0.01161EPSS
Exploits0Affected Software2
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•7 views

CSRF protection for any URL can be bypassed in pipeline-stage-view

pipeline-stage-view provides a visualization of Pipeline builds. It also allows users to interact with input steps from Pipeline: Input Step Plugin. pipeline-stage-view 2.26 and earlier does not correctly encode the ID of input steps when using it to generate URLs to proceed or abort Pipeline...

8CVSS6.4AI score0.00443EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•10 views

Webhook endpoint discloses job names to unauthorized users in mercurial

mercurial provides a webhook endpoint at /mercurial/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. This endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. It can be accessed with GET reques...

5.3CVSS5.5AI score0.00655EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•5 views

Non-constant time webhook token comparison in gitlab-plugin

gitlab-plugin 1.5.35 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. gitlab-plugin 1.5.36 uses a constant-time comparison...

5.3CVSS5.7AI score0.00655EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•7 views

Missing permission check in job-import-plugin allows enumerating credentials IDs

job-import-plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerabilit...

4.3CVSS5.1AI score0.00537EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•5 views

Agent-to-controller security bypass vulnerability in nunit

nunit 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results. This allows attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller. nunit 0.28...

5.3CVSS5.9AI score0.00635EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•5 views

Content-Security-Policy protection for user content disabled by ScreenRecorder

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. ScreenRecorder 0.7 and earlier programmatically updates the Java system propert...

8CVSS4.8AI score0.00511EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•5 views

Content-Security-Policy protection for user content disabled by NeuVector Vulnerability Scanner

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. NeuVector Vulnerability Scanner 1.20 and earlier globally disables the...

8CVSS5.3AI score0.00639EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•7 views

Content-Security-Policy protection for user content can be disabled in 360 FireLine

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. 360 FireLine 1.7.2 and earlier globally disables the Content-Security-Policy...

8CVSS5.3AI score0.00617EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•5 views

Sandbox bypass vulnerabilities in Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

9.9CVSS8.7AI score0.01428EPSS
Exploits0Affected Software2
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•5 views

XXE vulnerability in repo

repo 1.15.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control which repo binary is executed on agents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the Jenkins...

7.5CVSS7.4AI score0.00875EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•5 views

Missing permission checks in Katalon allow capturing credentials

Katalon 1.0.32 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS5AI score0.00554EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•8 views

CSRF vulnerability in Katalon allows capturing credentials

Katalon 1.0.33 and earlier does not require POST requests for several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4.3CVSS5AI score0.00397EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1464