Swarm Plugin adds API endpoints to add or remove agent labels. In Swarm Plugin 3.20 and earlier these only require a global Swarm secret to use, and no regular permission check is performed. This allows users with Agent/Create permission to add or remo…
[org.jenkins-ci.plugins:swarm] Improper permission checks in Jenkins Swarm Plugin
Swarm Plugin adds API endpoints to add or remove agent labels. In Swarm Plugin 3.20 and earlier these only require a global Swarm secret to use, and no regular permission check is performed. This allows users with Agent/Create permission to add or remo…
[io.jenkins.plugins:echarts-api] Stored XSS vulnerability in Jenkins ECharts API Plugin
ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts.
This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Job/Configure permission.
ECharts API Plugin 4.7.0…
[org.jenkins-ci.plugins:selenium] Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection
Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints.
This allows attackers to perform the following actions:
Restart the Selenium Grid hub.
Delete or replace the plugin configuration.
Start, stop, or restart Selenium con…
[org.jenkins-ci.plugins:compact-columns] Stored XSS vulnerability in Jenkins Compact Columns Plugin
Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips.
This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.
Compact Columns Plugin 1.12 applies …
[io.jenkins.plugins:echarts-api] Stored XSS vulnerability in Jenkins ECharts API Plugin
ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart.
This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Run/Update permission.
ECharts API Plugin 4….
[org.jenkins-ci.plugins:ec2] Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin
Amazon EC2 Plugin connects to Windows agents via HTTPS.
Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed HTTPS certificates and does not perform hostname validation when connecting to Windows agents. This lack of validation coul…
[org.jenkins-ci.plugins:ec2] Missing SSH host key validation in Amazon EC2 Plugin
Amazon EC2 Plugin 1.50.1 and earlier does not use SSH host key validation when connecting to agents. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to build agents.
Amazon EC2 Plugin 1.50.2 provi…
[org.jenkins-ci.plugins:ec2] Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin
Amazon EC2 Plugin provides a list of applicable credentials IDs to allow users configuring the plugin to select the one to use.
This functionality does not correctly check permissions in Amazon EC2 Plugin 1.50.1 and earlier, allowing any user with Over…
[io.jenkins.plugins:scm-filter-jervis] RCE vulnerability in SCM Filter Jervis Plugin
SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution (RCE) vulnerability exploitable by users able to configure jobs with the filter, or c…