Nomad Plugin 0.7.4 and earlier stores the passwords to authenticate against the Docker registry unencrypted in the global config.xml file on the Jenkins controller as part of its worker templates configuration.
These passwords can be viewed by users wi…
[smashing] Smashing Cross-site Scripting vulnerability
Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim’s computer. The JavaScript code can then steal data available in the session/cookies depending on the user enviro…
[org.jenkins-ci.main:jenkins-core] Session fixation vulnerability in Jenkins
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins.
This vulnerability was introduced in Jenkins 2.266…
[org.jenkins-ci.plugins:requests] CSRF vulnerabilities in Jenkins requests-plugin Plugin
requests-plugin Plugin 2.2.12 and earlier does not require POST requests to request and apply changes, resulting in cross-site request forgery (CSRF) vulnerabilities.
These vulnerabilities allow attackers to create requests and/or have administrators a…
[org.jenkins-ci.main:jenkins-core] Improper permission checks allow canceling queue items and aborting builds in Jenkins
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission.
Jenkins 2.300, LTS 2.289.2 requires that users ha…
[org.jenkins-ci.plugins:requests] Missing permission check in Jenkins requests-plugin Plugin allows sending emails
requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read permission to send test emails to an attacker-specified email address.
requests-plugin Plugin 2.2.8 requires Overa…
[org.jenkins-ci.plugins:cas-plugin] Open redirect vulnerability in Jenkins CAS Plugin
CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site aft…
[com.xebialabs.deployit.ci:deployit-plugin] Missing permission check in XebiaLabs XL Deploy Plugin allows capturing credentials
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, cap…
[com.xebialabs.deployit.ci:deployit-plugin] Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing…
[io.jenkins.plugins:markdown-formatter] XSS vulnerability in Jenkins Markdown Formatter Plugin
Markdown Formatter Plugin 0.1.0 and earlier uses a Markdown library to parse Markdown that does not escape crafted link target URLs.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any…