Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Active Choices Plugin 2.5 esca…
[org.jenkins-ci.plugins:audit-trail] Incorrect default pattern in Jenkins Audit Trail Plugin
Audit Trail Plugin uses regular expressions to match requested URLs whose dispatch should be logged.
In Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would …
[org.biouno:uno-choice] Stored XSS vulnerability in Jenkins Active Choices Plugin
Active Choices Plugin 2.4 and earlier does not escape List and Map return values of sandboxed scripts for Reactive Reference Parameter.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permis…
[org.jenkins-ci.plugins:role-strategy] Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin
Role-based Authorization Strategy Plugin 2.12 and newer uses a cache to speed up permission lookups. Role-based Authorization Strategy Plugin 3.0 and earlier this cache is not invalidated properly when an administrator changes the permission configurat…
[org.6wind.jenkins:lockable-resources] CSRF vulnerability in Jenkins Lockable Resources Plugin
Lockable Resources Plugin 2.8 and earlier does not require POST requests for several HTTP endpoints, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to reserve, unreserve, unlock, and reset resources….
[org.jenkins-ci.plugins:implied-labels] Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin
Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read permission to configure the plugin.
Implied Labels Plugin 0.7 requires Overall/Administer permission to configure the…
[org.jenkins-ci.plugins:liquibase-runner] XXE vulnerability in Jenkins Liquibase Runner Plugin
Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
This allows attackers able to provide Liquibase changesets evaluated by the plugin to have Jenkins parse a crafted XML file that u…
[org.jenkins-ci.plugins:liquibase-runner] Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs
Liquibase Runner Plugin 1.4.7 and earlier does not perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack …
[org.jvnet.hudson.plugins:warnings] CSRF vulnerability in Jenkins warnings Plugin allows remote code execution
warnings Plugin 5.0.1 and earlier does not require POST requests for a form validation method intended for testing custom warnings parsers, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to execute a…
[org.jenkins-ci.plugins:elastest] Passwords stored in plain text by ElasTest Plugin
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
References
https://nvd.nist….