TechMedia

Author: wpmaster
[org.jenkins-ci.plugins:matrix-auth] Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/15/2022

Items (like jobs) can be organized hierarchically in Jenkins, using the Folders Plugin or something similar. An item is expected to be accessible only if all its ancestors are accessible as well.
Matrix Authorization Strategy Plugin 2.6.5 and earlier d…

[Microsoft.NETCore.App.Runtime.linux-musl-x64] Denial of service in .NET core

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 11/02/2022

.NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.
References

https://nvd.nist.gov/vuln/detail/CVE-2021-1721
https://portal.msrc.micro…

[org.jenkins-ci.plugins:claim] XSS vulnerability in Jenkins Claim Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/21/2022

Claim Plugin 2.18.1 and earlier does not escape the user display name shown in claims.
This results in a cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the securi…

[io.jenkins.plugins:artifact-repository-parameter] Stored XSS vulnerability in Jenkins Artifact Repository Parameter Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/14/2022

Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Artifact Repository Param…

[org.jenkins-ci.main:jenkins-core] Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/14/2022

Due to a time-of-check to time-of-use (TOCTOU) race condition, the file browser for workspaces, archived artifacts, and $JENKINS_HOME/userContent/ follows symbolic links to locations outside the directory being browsed in Jenkins 2.275 and LTS 2.263.2….

[cakephp/cakephp] CakePHP allows method override parameters to bypass CSRF checks

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 01/14/2023

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request…

[org.jenkins-ci.plugins:bumblebee] Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin

  • Posted in LOW
  • Posted by Wpmaster
  • 05/25/2022, 12/21/2022

Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file com.agiletestware.bumblebee.BumblebeeGlobalConfig.xml on the Jenkins controller as part of its configuration.
These credentials can be viewed by u…

[org.jenkins-ci.main:jenkins-core] Excessive memory allocation in graph URLs leads to denial of service in Jenkins

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/14/2022

Jenkins renders several different graphs for features like agent and label usage statistics, memory usage, or various plugin-provided statistics.
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit the graph size provided as query paramet…

[org.jenkins-ci.main:jenkins-core] Reflected XSS vulnerability in Jenkins markup formatter preview

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/13/2022

Jenkins allows administrators to choose the markup formatter to use for descriptions of jobs, builds, views, etc. displayed in Jenkins. When editing such a description, users can choose to have Jenkins render a formatted preview of the description they…

[org.jenkins-ci.main:jenkins-core] Stored XSS vulnerability in Jenkins on new item page

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/13/2022

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names …
