Shelve Project Plugin 3.0 and earlier does not require POST requests for HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities.
These vulnerabilities allow attackers to shelve, unshelve, or delete a project.
Shelve Project Plug…
[gitaly] Gitaly Insufficient Session Expiration vulnerability
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
References
https://nvd.nis…
[org.jenkins-ci.plugins:labmanager] Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
References
https://nvd…
[org.jenkins-ci.plugins:mailcommander] Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller fi…
[org.jvnet.hudson.plugins:findbugs] Stored XSS vulnerability in Jenkins FindBugs Plugin
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin’s post build s…
[org.jvnet.hudson.plugins:analysis-core] Stored XSS vulnerability in Jenkins Static Analysis Utilities Plugin
Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
References
https://nvd…
[com.rapid7:jenkinsci-appspider-plugin] Password stored in plain text by Jenkins AppSpider Plugin
AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file com.rapid7.jenkinspider.PostBuildScan.xml on the Jenkins controller as part of its configuration.
This password can be viewed by users with access to the…
[org.jenkins-ci.plugins:azure-keyvault] Missing permission checks in Jenkins Azure Key Vault Plugin allow enumerating credentials IDs
Azure Key Vault Plugin 2.0 and earlier does not perform permission checks in several HTTP endpoints.
This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attac…
[org.jenkins-ci.plugins:sqlplus-script-runner] Password written to the build log by Jenkins SQLPlus Script Runner Plugin
SQLPlus Script Runner Plugin 2.0.12 and earlier prints the sqlplus command invocation to the build log.
This log message does not redact a password provided as part of a command line argument. This password can be viewed by users with Item/Read permiss…
[org.jenkins-ci.plugins:ansible] Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs
Ansible Plugin 1.0 and earlier does not perform permission checks in methods implementing form validation.
This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an…