Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read permission to view an administrative configuration page.
Health Advisor by CloudBees Plugin …
[org.jenkins-ci.plugins:validating-string-parameter] Stored XSS vulnerability in Validating String Parameter Plugin
Validating String Parameter Plugin 2.4 and earlier does not escape regular expressions in tooltips. Additionally, Validating String Parameter Plugin 2.4 does not escape parameter names and parameter descriptions.
This results in a stored cross-site scr…
[org.jenkins-ci.plugins:pipeline-maven] Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name
Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job’s display name shown as part of a build cause.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission…
[io.jenkins.blueocean:blueocean] Missing permission check in Blue Ocean Plugin
Updated 2020-09-16
This entry previously misidentified the problematic behavior. The HTTP request itself is legitimate, but only authorized users should be able to perform it.
Original Description
Blue Ocean Plugin 1.23.2 and earlier does not perform p…
[io.jenkins.blueocean:blueocean] Path traversal vulnerability in Blue Ocean Plugin
Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag, blueocean.features.GIT_READ_SAVE_TYPE, that when set to the value clone allows an attacker with Item/Configure or Item/Create permission to read arbitrary files on the Jenkins …
[org.jenkins-ci.plugins:email-ext] Missing hostname validation in Email Extension Plugin
Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections.
Email Extension Plugin …
[Microsoft.AspNetCore.Http] Cookie parsing failure
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being …
[org.jenkins-ci.plugins:vmanager-plugin] Stored XSS vulnerability in Jenkins Cadence vManager Plugin
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
Cadence vManager Plugin 3.0.5 removes …
[org.jenkins-ci.plugins:soapui-pro-functional-testing] Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
ReadyAPI Functional Testing Plugin stores project passwords in job config.xml files on the Jenkins controller as part of its configuration.
While these passwords are stored encrypted on disk since ReadyAPI Functional Testing Plugin 1.4, they are transm…
[org.jenkins-ci.plugins:jsgames] Reflected XSS vulnerability in Jenkins JSGames Plugin
Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-2248
https://jenkins.io/security/advisory/2020-09-01/#SECUR…