TechMedia

Author: wpmaster (811184 posts)

Featured

Posted by Wpmaster
Latest details released for the PS5/XSX version of the large-scale multiplayer action game "Warlander": new content additions and game improvements in development ahead of release
Posted by Wpmaster
The sauna boom has arrived!! New sauna facilities and a variety of sauna goods appear to deliver the "totonou" experience (My Life News)
Posted by Wpmaster
Yoshinoya HD's operating profit up 34% for the fiscal year ending February 2024, the highest level in 12 years (Nihon Keizai Shimbun)
Posted by Wpmaster
[Photo] Large-scale counteroffensive may slip to summer, says Ukrainian prime minister (Sankei Shimbun)

[org.jenkins-ci.main:jenkins-core] Stored XSS vulnerability in Jenkins console links

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/28/2022

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Confi…

[org.jenkins-ci.main:jenkins-core] Stored XSS vulnerability in Jenkins upstream cause

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/28/2022

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job’s display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
Jenkins 2.245, LTS 2.235.2 escapes the job display name.
Refere…

[org.jenkins-ci.main:jenkins-core] Stored XSS vulnerability in Jenkins job build time trend

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/28/2022

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
Jenkins 2.245, LTS 2.235.2 escapes the agent name.
References

https://nvd.nist.go…

[org.jenkins-ci.plugins:fortify-on-demand-uploader] Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

Fortify on Demand Plugin provides a list of applicable credentials IDs to allow users configuring the plugin to select the one to use.
This functionality does not correctly check permissions in Fortify on Demand Plugin 6.0.0 and earlier, allowing any u…

[org.jenkins-ci.plugins:sonargraph-integration] Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation.
This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Job/Configure permission.
Sonarg…

[org.jenkins-ci.plugins:fortify-on-demand-uploader] CSRF vulnerability in Jenkins Fortify on Demand Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
This form validation method req…

[hudson.plugins:project-inheritance] Missing permission check in Jenkins Project Inheritance Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/22/2022

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not redact encrypted secrets in the ‘getConfigAsXML’ API URL when transmitting job config.xml data to users without Job/Configure.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2198
h…

[hudson.plugins:project-inheritance] Missing permission check in Jenkins Project Inheritance Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/22/2022

Jenkins limits access to job configuration XML data (config.xml) to users with Job/ExtendedRead permission, typically implied by Job/Configure permission. Project Inheritance Plugin has several job inspection features, including the API URL /job/…​/get…

[org.jenkins-ci.plugins:svn-partial-release-mgr] XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/22/2022

Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation.
This results in a reflected cross-site scripting (XSS) vulnerability that can also be exploited similar to a sto…

[org.jenkins-ci.plugins:play-autotest-plugin] OS command injection vulnerability in Jenkins Play Framework Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/22/2022

A form validation endpoint in Play Framework Plugin executes the play command to validate a given input file.
Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins controller. This results in an OS comma…
