Jenkins provides XML REST APIs to configure views, jobs, and other items. When deserialization fails because of invalid data, Jenkins 2.274 and earlier, LTS 2.263.1 and earlier stores invalid object references created through these endpoints in the Old…
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm] ASP.NET Core and Visual Studio Denial of Service Vulnerability
A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way Kestrel parses HTTP/2 requests. Users are advised to upgrade.
References
https://nvd.nist.gov/vul…
[org.jenkins-ci.plugins:cvs] XXE vulnerability in Jenkins CVS Plugin
CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction…
[io.jenkins.plugins:chaos-monkey] Missing permission checks in Jenkins Chaos Monkey Plugin
Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints.
This allows attackers with Overall/Read permission to generate load and to generate memory leaks.
Chaos Monkey Plugin 0.4 requires Overall/Administer perm…
[io.jenkins.plugins:chaos-monkey] Missing permission checks in Jenkins Chaos Monkey Plugin
Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint.
This allows attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
Chaos Monkey Plugin 0.4.1 requires Overall…
[org.jenkins-ci.plugins:shelve-project-plugin] CSRF vulnerability in Jenkins Shelve Project Plugin
Shelve Project Plugin 3.0 and earlier does not require POST requests for HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities.
These vulnerabilities allow attackers to shelve, unshelve, or delete a project.
Shelve Project Plug…
[gitaly] Gitaly Insufficient Session Expiration vulnerability
When importing repos via URL, one-time-use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2.
References
https://nvd.nis…
[org.jenkins-ci.plugins:labmanager] Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
References
https://nvd…
[org.jenkins-ci.plugins:mailcommander] Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller fi…
[org.jvnet.hudson.plugins:findbugs] Stored XSS vulnerability in Jenkins FindBugs Plugin
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin’s post build s…