The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes.
Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow a…
[org.jenkins-ci.plugins:subversion] Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files
Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller fil…
[org.jenkins-ci.main:jenkins-core] Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes.
Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow a…
[org.jenkins-ci.main:jenkins-core] Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. This directory is used by the Pipeline: Shared Groovy Libraries Plugin to store copi…
[org.jenkins-ci.main:jenkins-core] Agent-to-controller access control allows reading/writing most content of build directories in Jenkins
Agents are allowed some limited access to files on the Jenkins controller file system. The directories agents are allowed to access in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier include the directories storing build-related information, intende…
[camaleon_cms] Camaleon CMS vulnerable to Uncaught Exception
In Camaleon CMS, versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught Exception. The app’s media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file.
References
https://nvd.nist….
[camaleon_cms] Camaleon CMS vulnerable to Server-Side Request Forgery
In Camaleon CMS, versions 2.1.2.0 through 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or o…
[org.jenkins-ci.main:jenkins-core] Improper handling of equivalent directory names on Windows in Jenkins
Jenkins stores jobs and other entities on disk using their name shown on the UI as file and folder names.
On Windows, when specifying a file or folder with a trailing dot character (example.), the file or folder will be treated as if that character was…
[org.jenkins-ci.main:jenkins-core] Path traversal vulnerability on Windows in Jenkins
The file browser for workspaces, archived artifacts, and userContent/ in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows.
This results in a path traversal vulnerability allowing attackers with…
[org.jenkins-ci.plugins:git] Stored XSS vulnerability in Jenkins Git Plugin
Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to su…