RapidDeploy Plugin 4.2 and earlier does not escape package names in its displayed table of packages obtained from a remote server. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure jobs.
RapidDeplo…
[org.jenkins-ci.plugins:artifactory] Passwords stored in plain text by Jenkins Artifactory Plugin
Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password in plain text in the global configuration file org.jfrog.hudson.ArtifactoryBuilder.xml. This password can be viewed by users with access to the Jenkins controller file system.
…
[org.jenkins-ci.plugins:artifactory] Passwords transmitted in plain text by Jenkins Artifactory Plugin
Jenkins Artifactory Plugin 3.6.0 and earlier stores Artifactory server passwords in its global configuration file org.jfrog.hudson.ArtifactoryBuilder.xml on the Jenkins controller as part of its configuration.
While the password is stored encrypted on …
[io.jenkins.plugins:cryptomove] OS command injection in CryptoMove Plugin
CryptoMove Plugin 0.1.33 and earlier allows the configuration of an OS command to execute as part of its build step configuration. This command will be executed on the Jenkins controller as the OS user account running Jenkins, allowing user with Job/Co…
[org.jenkins-ci.plugins:literate] Remote Code Execution vulnerability in Jenkins Literate Plugin
Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-2158
https://jenkins.i…
[org.jenkins-ci.plugins:skytap] Credentials transmitted in plain text by Skytap Cloud CI Plugin
Skytap Cloud CI Plugin stores credentials in job config.xml files as part of its configuration.
While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Skytap Cloud CI Plugin 2.07 and …
[fr.edf.jenkins.plugins:mac] Missing SSH host key validation in Mac Plugin
Mac Plugin 1.1.0 and earlier does not use SSH host key validation when connecting to Mac Cloud host launched by the plugin. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to build agents.
Mac Plu…
[fr.edf.jenkins.plugins:mac] Missing permission checks in Mac Plugin
A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-…
[org.jenkins-ci.plugins:backlog] Credentials transmitted in plain text by Backlog Plugin
Backlog Plugin stores credentials in job config.xml files as part of its configuration.
While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Backlog Plugin 2.4 and earlier. These cr…
[org.jenkins-ci.plugins:openshift-deployer] Credentials transmitted in plain text by OpenShift Deployer Plugin
OpenShift Deployer Plugin stores credentials in its global configuration file org.jenkinsci.plugins.openshift.DeployApplication.xml on the Jenkins controller as part of its configuration.
While the credentials are stored encrypted on disk, they are tra…