Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via ‘Trigger builds remotely’, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure per…
[com.axis.system.jenkins.plugins.downstream:yet-another-build-visualizer] Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin
Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission.
Yet Another Build Visualizer Plugin 1.12 escapes to…
[org.jenkins-ci.plugins:pipeline-maven] Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in a method implementing form validation.
This allows users with Overall/Read access to Jenkins to connect to an attacker-specified JDBC URL using attacker-specifie…
[org.jenkins-ci.plugins:pipeline-maven] Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read access to Jenkins to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as p…
[org.jenkins-ci.plugins:email-ext] Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text
Email Extension Plugin stores an SMTP password in its global configuration file hudson.plugins.emailext.ExtendedEmailPublisher.xml on the Jenkins controller as part of its configuration.
While this password is stored encrypted on disk, it is transmitte…
[org.jenkins-ci.plugins:deployer-framework] Stored XSS vulnerability in Jenkins Deployer Framework Plugin
Deployer Framework Plugin is a framework plugin allowing other plugins to provide a way to deploy artifacts. Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page. This results in a stored cross-site scripti…
[org.jenkins-ci.plugins:gitlab-oauth] Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin
GitLab Authentication Plugin 1.5 and earlier does not differentiate between user names and hierarchical group names when performing authorization. This allows an attacker with permissions to create groups in GitLab to gain the privileges granted to ano…
[org.jenkins-ci.main:jenkins-core] Stored XSS vulnerability in Jenkins ‘keep forever’ badge icon
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the ‘Keep this build forever’ badge tooltip. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure job names.
As job n…
[org.jenkins-ci.main:jenkins-core] Stored XSS vulnerability in Jenkins console links
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Confi…
[org.jenkins-ci.main:jenkins-core] Stored XSS vulnerability in Jenkins upstream cause
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job’s display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
Jenkins 2.245, LTS 2.235.2 escapes the job display name.
Refere…