TechMedia

[org.jenkins-ci.plugins:cobertura] Arbitrary file write vulnerability in Jenkins Cobertura Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/06/2023

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. Cobertura Plugin 1.16 sanitizes the file path…

[org.jenkins-ci.plugins:audit-trail] XSS vulnerability in Jenkins Audit Trail Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/06/2023

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Audit Trail Plugin 3.3 escapes the affected part of the error message….

[org.jenkins-ci.plugins:timestamper] Stored XSS vulnerability in Jenkins Timestamper Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/06/2023

Timestamper Plugin 1.11.1 and earlier does not escape or sanitize the HTML formatting used to display the timestamps in console output for builds.
This results in a stored cross-site scripting vulnerability that can be exploited by users with Overall/A…

[org.jenkins-ci.plugins:script-security] Sandbox bypass vulnerability in Script Security Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 01/06/2023

Sandbox protection in Script Security Plugin 1.70 and earlier can be circumvented through:

  • Crafted constructor calls and bodies (due to an incomplete fix of SECURITY-582)
  • Crafted method calls on objects that implement GroovyInterceptable

This allo…

[org.jenkins-ci.plugins:harvest] Passwords stored in plain text by Harvest SCM Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/06/2023

Harvest SCM Plugin 0.5.1 and earlier stores SCM passwords unencrypted in its global configuration file hudson.plugins.harvest.HarvestSCM.xml and in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended R…

[org.jenkins-ci.plugins:harvest] Passwords stored in plain text by Harvest SCM Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/06/2023

Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
References

https://nvd.nist.g…

[com.applatix.jenkins:applatix] Password stored in plain text by Applatix Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/06/2023

Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
References

https://nvd.nist.gov/vul…

[ru.yandex.jenkins.plugins.debuilder:debian-package-builder] Credentials stored in plain text by debian-package-builder Plugin

  • Posted in LOW
  • Posted by Wpmaster
  • 05/25/2022, 01/14/2023

debian-package-builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file ru.yandex.jenkins.plugins.debuilder.DebianPackageBuilder.xml on the Jenkins controller. This credential can be viewed by users with ac…

[org.jenkins-ci.plugins:radargun] RCE vulnerability in RadarGun Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 01/14/2023

RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution vulnerability exploitable by users able to configure RadarGun Plugin’s build step.
RadarGun Plug…

[org.jenkins-ci.plugins:brakeman] Stored XSS vulnerability in Jenkins brakeman Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/14/2023

brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability.
This vulnerability can be exploited by users able to control the Brakeman post-build s…
