Jenkins stores jobs and other entities on disk using the names shown in the UI as file and folder names.
On Windows, when specifying a file or folder with a trailing dot character (such as example.), the file or folder will be treated as if that character was…
[org.jenkins-ci.main:jenkins-core] Path traversal vulnerability on Windows in Jenkins
The file browser for workspaces, archived artifacts, and userContent/ in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows.
This results in a path traversal vulnerability allowing attackers with…
[org.jenkins-ci.plugins:git] Stored XSS vulnerability in Jenkins Git Plugin
Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to su…
[org.jenkins-ci.plugins:nomad] Password stored in plain text by Jenkins Nomad Plugin
Nomad Plugin 0.7.4 and earlier stores the passwords to authenticate against the Docker registry unencrypted in the global config.xml file on the Jenkins controller as part of its worker templates configuration.
These passwords can be viewed by users wi…
[smashing] Smashing Cross-site Scripting vulnerability
Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim’s computer. The JavaScript code can then steal data available in the session/cookies depending on the user enviro…
[org.jenkins-ci.main:jenkins-core] Session fixation vulnerability in Jenkins
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins.
This vulnerability was introduced in Jenkins 2.266…
[org.jenkins-ci.plugins:requests] CSRF vulnerabilities in Jenkins requests-plugin Plugin
requests-plugin Plugin 2.2.12 and earlier does not require POST requests to request and apply changes, resulting in cross-site request forgery (CSRF) vulnerabilities.
These vulnerabilities allow attackers to create requests and/or have administrators a…
[org.jenkins-ci.main:jenkins-core] Improper permission checks allow canceling queue items and aborting builds in Jenkins
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission.
Jenkins 2.300, LTS 2.289.2 requires that users ha…
[org.jenkins-ci.plugins:requests] Missing permission check in Jenkins requests-plugin Plugin allows sending emails
requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read permission to send test emails to an attacker-specified email address.
requests-plugin Plugin 2.2.8 requires Overa…
[org.jenkins-ci.plugins:cas-plugin] Open redirect vulnerability in Jenkins CAS Plugin
CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site aft…