Warnings Next Generation Plugin 8.4.4 and earlier does not perform permission checks in methods implementing form validation.
This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attac…
[org.jenkins-ci.plugins:aws-credentials] Missing permission checks in Jenkins CloudBees AWS Credentials Plugin allows enumerating credentials IDs
CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints.
This allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins if any of …
[org.jenkins-ci.plugins:matrix-auth] Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items
Items (like jobs) can be organized hierarchically in Jenkins, using the Folders Plugin or something similar. An item is expected to be accessible only if all its ancestors are accessible as well.
Matrix Authorization Strategy Plugin 2.6.5 and earlier d…
[Microsoft.NETCore.App.Runtime.linux-musl-x64] Denial of service in .NET core
.NET Core and Visual Studio Denial of Service Vulnerability, caused by a flaw that exists when creating an HTTPS web request during X509 certificate chain building.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-1721
https://portal.msrc.micro…
[org.jenkins-ci.plugins:claim] XSS vulnerability in Jenkins Claim Plugin
Claim Plugin 2.18.1 and earlier does not escape the user display name shown in claims.
This results in a cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the securi…
[io.jenkins.plugins:artifact-repository-parameter] Stored XSS vulnerability in Jenkins Artifact Repository Parameter Plugin
Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Artifact Repository Param…
[org.jenkins-ci.main:jenkins-core] Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins
Due to a time-of-check to time-of-use (TOCTOU) race condition, the file browser for workspaces, archived artifacts, and $JENKINS_HOME/userContent/ follows symbolic links to locations outside the directory being browsed in Jenkins 2.275 and LTS 2.263.2….
[cakephp/cakephp] CakePHP allows method override parameters to bypass CSRF checks
A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request…
[org.jenkins-ci.plugins:bumblebee] Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin
Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file com.agiletestware.bumblebee.BumblebeeGlobalConfig.xml on the Jenkins controller as part of its configuration.
These credentials can be viewed by u…
[org.jenkins-ci.main:jenkins-core] Excessive memory allocation in graph URLs leads to denial of service in Jenkins
Jenkins renders several different graphs for features like agent and label usage statistics, memory usage, or various plugin-provided statistics.
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier do not limit the graph size provided as query paramet…