Pipeline GitHub Notify Step Plugin 1.0.4 and earlier provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use.
This functionality does not correctly check permissions, allowing any user with Overall/Re…
[org.jenkins-ci.plugins:pipeline-githubnotify-step] Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, c…
[org.jenkins-ci.plugins:azure-ad] Client secret transmitted in plain text by Azure AD Plugin
Azure AD Plugin stores a client secret in its global configuration.
While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by Azure AD Plugin 1.1.2 and earlier. This can result in exposure of…
[org.jenkins-ci.plugins:nunit] XXE vulnerability in NUnit Plugin
NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.
This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities fo…
[org.jenkins-ci.tools:git-parameter] Jenkins Git Parameter Plugin vulnerable to Stored cross-site scripting (XSS)
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
References
https://nvd.nist.gov/vuln/detai…
[org.jenkins-ci.tools:git-parameter] Jenkins Git Parameter Plugin vulnerable to stored cross-site scripting (XSS)
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
References
https://nvd.nist.gov/vuln/detail…
[org.jenkins-ci.plugins:s3] Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
S3 Publisher Plugin stores a secret key in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by S3 publisher Plugin 0.11.4 and earlier. This can result in expos…
[omniauth-weibo-oauth2] omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party
The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected.
References
https://nvd.nist.gov/vuln/detail/CVE-20…
[io.jenkins.plugins:code-coverage-api] Stored XSS vulnerability in Code Coverage API Plugin
Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view.
This results in a stored cross-site scripting vulnerability that can be exploited by users able to change the job configuration.
Code Cover…
[org.jenkins-ci.main:jenkins-core] Jenkins REST APIs vulnerable to clickjacking
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not serve the X-Frame-Options: deny HTTP header on REST API responses to protect against clickjacking attacks. An attacker could exploit this by routing the victim through a specially crafted web …