TechMedia

Author

wpmaster

811184 Posts

[org.jenkins-ci.plugins:azure-ad] Client secret transmitted in plain text by Azure AD Plugin

  • Posted in LOW
  • Posted by Wpmaster
  • 05/25/2022 01/14/2023

Azure AD Plugin stores a client secret in its global configuration.
While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by Azure AD Plugin 1.1.2 and earlier. This can result in exposure of…

[org.jenkins-ci.plugins:nunit] XXE vulnerability in NUnit Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022 01/14/2023

NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.
This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities fo…

[org.jenkins-ci.tools:git-parameter] Jenkins Git Parameter Plugin vulnerable to Stored cross-site scripting (XSS)

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 01/07/2023

Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
References

https://nvd.nist.gov/vuln/detai…

[org.jenkins-ci.tools:git-parameter] Jenkins Git Parameter Plugin vulnerable to stored cross-site scripting (XSS)

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 01/07/2023

Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
References

https://nvd.nist.gov/vuln/detail…

[org.jenkins-ci.plugins:s3] Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration

  • Posted in LOW
  • Posted by Wpmaster
  • 05/25/2022 01/07/2023

S3 Publisher Plugin stores a secret key in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by S3 Publisher Plugin 0.11.4 and earlier. This can result in expos…

[omniauth-weibo-oauth2] omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party

  • Posted in CRITICAL
  • Posted by Wpmaster
  • 05/25/2022 01/27/2023

The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected.
References

https://nvd.nist.gov/vuln/detail/CVE-20…

[io.jenkins.plugins:code-coverage-api] Stored XSS vulnerability in Code Coverage API Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 12/20/2022

Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view.
This results in a stored cross-site scripting vulnerability that can be exploited by users able to change the job configuration.
Code Cover…

[org.jenkins-ci.main:jenkins-core] Jenkins REST APIs vulnerable to clickjacking

  • Posted in LOW
  • Posted by Wpmaster
  • 05/25/2022 12/20/2022

Jenkins 2.218 and earlier, and LTS 2.204.1 and earlier, do not serve the X-Frame-Options: deny HTTP header on REST API responses to protect against clickjacking attacks. An attacker could exploit this by routing the victim through a specially crafted web …

[org.jenkins-ci.plugins:fortify] Fortify Plugin stored credentials in plain text

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 12/20/2022

Fortify Plugin 19.1.29 and earlier stored its proxy server password unencrypted in job config.xml files. This password could be read by users with the Extended Read permission.
Fortify Plugin 19.2.30 now encrypts the proxy server password.
References

…

[org.jenkins-ci.plugins:websphere-deployer] XXE vulnerability in Jenkins WebSphere Deployer Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022 12/20/2022

WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This could be exploited by a user with Job/Configure permissions to upload a specially crafted war file containing a WEB-INF/ibm…
