Sonar Quality Gates Plugin stores credentials in its global configuration file org.quality.gates.jenkins.plugin.GlobalConfig.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transm…
[org.jenkins-ci.plugins:cobertura] XXE vulnerability in Jenkins Cobertura Plugin
Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
This allows a user able to control the input files for the ‘Publish Cobertura Coverage Report’ post-build step to have Jenkins parse a cra…
[org.jenkins-ci.plugins:cobertura] Arbitrary file write vulnerability in Jenkins Cobertura Plugin
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. Cobertura Plugin 1.16 sanitizes the file path…
[org.jenkins-ci.plugins:audit-trail] XSS vulnerability in Jenkins Audit Trail Plugin
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Audit Trail Plugin 3.3 escapes the affected part of the error message….
[org.jenkins-ci.plugins:timestamper] Stored XSS vulnerability in Jenkins Timestamper Plugin
Timestamper Plugin 1.11.1 and earlier does not escape or sanitize the HTML formatting used to display the timestamps in console output for builds.
This results in a stored cross-site scripting vulnerability that can be exploited by users with Overall/A…
[org.jenkins-ci.plugins:script-security] Sandbox bypass vulnerability in Script Security Plugin
Sandbox protection in Script Security Plugin 1.70 and earlier can be circumvented through:\n- Crafted constructor calls and bodies (due to an incomplete fix of SECURITY-582)
Crafted method calls on objects that implement GroovyInterceptable
This allo…
[org.jenkins-ci.plugins:harvest] Passwords stored in plain text by Harvest SCM Plugin
Harvest SCM Plugin 0.5.1 and earlier stores SCM passwords unencrypted in its global configuration file hudson.plugins.harvest.HarvestSCM.xml and in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended R…
[org.jenkins-ci.plugins:harvest] Passwords stored in plain text by Harvest SCM Plugin
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
References
https://nvd.nist.g…
[com.applatix.jenkins:applatix] Password stored in plain text by Applatix Plugin
Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
References
https://nvd.nist.gov/vul…
[ru.yandex.jenkins.plugins.debuilder:debian-package-builder] Credentials stored in plain text by debian-package-builder Plugin
debian-package-builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file ru.yandex.jenkins.plugins.debuilder.DebianPackageBuilder.xml on the Jenkins controller. This credential can be viewed by users with ac…