GitLab Authentication Plugin 1.5 and earlier does not differentiate between user names and hierarchical group names when performing authorization. This allows an attacker with permissions to create groups in GitLab to gain the privileges granted to ano…
[org.jenkins-ci.main:jenkins-core] Stored XSS vulnerability in Jenkins ‘keep forever’ badge icon
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the ‘Keep this build forever’ badge tooltip. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure job names.
As job n…
[org.jenkins-ci.main:jenkins-core] Stored XSS vulnerability in Jenkins console links
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Confi…
[org.jenkins-ci.main:jenkins-core] Stored XSS vulnerability in Jenkins upstream cause
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job’s display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
Jenkins 2.245, LTS 2.235.2 escapes the job display name.
Refere…
[org.jenkins-ci.main:jenkins-core] Stored XSS vulnerability in Jenkins job build time trend
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
Jenkins 2.245, LTS 2.235.2 escapes the agent name.
References
https://nvd.nist.go…
[org.jenkins-ci.plugins:fortify-on-demand-uploader] Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin
Fortify on Demand Plugin provides a list of applicable credentials IDs to allow users configuring the plugin to select the one to use.
This functionality does not correctly check permissions in Fortify on Demand Plugin 6.0.0 and earlier, allowing any u…
[org.jenkins-ci.plugins:sonargraph-integration] Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin
Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation.
This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Job/Configure permission.
Sonarg…
[org.jenkins-ci.plugins:fortify-on-demand-uploader] CSRF vulnerability in Jenkins Fortify on Demand Plugin
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
This form validation method req…
[hudson.plugins:project-inheritance] Missing permission check in Jenkins Project Inheritance Plugin
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not redact encrypted secrets in the ‘getConfigAsXML’ API URL when transmitting job config.xml data to users without Job/Configure.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-2198
h…
[hudson.plugins:project-inheritance] Missing permission check in Jenkins Project Inheritance Plugin
Jenkins limits access to job configuration XML data (config.xml) to users with Job/ExtendedRead permission, typically implied by Job/Configure permission. Project Inheritance Plugin has several job inspection features, including the API URL /job/…/get…