Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job’s display name shown as part of a build cause.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission…
[io.jenkins.blueocean:blueocean] Missing permission check in Blue Ocean Plugin
Updated 2020-09-16
This entry previously misidentified the problematic behavior. The HTTP request itself is legitimate, but only authorized users should be able to perform it.
Original Description
Blue Ocean Plugin 1.23.2 and earlier does not perform p…
[io.jenkins.blueocean:blueocean] Path traversal vulnerability in Blue Ocean Plugin
Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag, blueocean.features.GIT_READ_SAVE_TYPE, that when set to the value clone allows an attacker with Item/Configure or Item/Create permission to read arbitrary files on the Jenkins …
[org.jenkins-ci.plugins:email-ext] Missing hostname validation in Email Extension Plugin
Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections.
Email Extension Plugin …
[Microsoft.AspNetCore.Http] Cookie parsing failure
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being …
[org.jenkins-ci.plugins:vmanager-plugin] Stored XSS vulnerability in Jenkins Cadence vManager Plugin
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
Cadence vManager Plugin 3.0.5 removes …
[org.jenkins-ci.plugins:soapui-pro-functional-testing] Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
ReadyAPI Functional Testing Plugin stores project passwords in job config.xml files on the Jenkins controller as part of its configuration.
While these passwords are stored encrypted on disk since ReadyAPI Functional Testing Plugin 1.4, they are transm…
[org.jenkins-ci.plugins:jsgames] Reflected XSS vulnerability in Jenkins JSGames Plugin
Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-2248
https://jenkins.io/security/advisory/2020-09-01/#SECUR…
[com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer] XSS vulnerability in Jenkins Build Failure Analyzer Plugin
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to tes…
[org.jenkins-ci.plugins:klocwork] XXE vulnerability in Jenkins Klocwork Analysis Plugin
Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
This allows a user able to control the input files for the Klocwork plugin parser to have Jenkins parse a crafted file that us…