ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts.
This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Job/Configure permission.
ECharts API Plugin 4.7.0…
[org.jenkins-ci.plugins:selenium] Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection
Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints.
This allows attackers to perform the following actions:
Restart the Selenium Grid hub.
Delete or replace the plugin configuration.
Start, stop, or restart Selenium con…
[org.jenkins-ci.plugins:compact-columns] Stored XSS vulnerability in Jenkins Compact Columns Plugin
Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips.
This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.
Compact Columns Plugin 1.12 applies …
[io.jenkins.plugins:echarts-api] Stored XSS vulnerability in Jenkins ECharts API Plugin
ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart.
This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Run/Update permission.
ECharts API Plugin 4….
[org.jenkins-ci.plugins:ec2] Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin
Amazon EC2 Plugin connects to Windows agents via HTTPS.
Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed HTTPS certificates and does not perform hostname validation when connecting to Windows agents. This lack of validation coul…
[org.jenkins-ci.plugins:ec2] Missing SSH host key validation in Amazon EC2 Plugin
Amazon EC2 Plugin 1.50.1 and earlier does not use SSH host key validation when connecting to agents. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to build agents.
Amazon EC2 Plugin 1.50.2 provi…
[org.jenkins-ci.plugins:ec2] Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin
Amazon EC2 Plugin provides a list of applicable credentials IDs to allow users configuring the plugin to select the one to use.
This functionality does not correctly check permissions in Amazon EC2 Plugin 1.50.1 and earlier, allowing any user with Over…
[io.jenkins.plugins:scm-filter-jervis] RCE vulnerability in SCM Filter Jervis Plugin
SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution (RCE) vulnerability exploitable by users able to configure jobs with the filter, or c…
[org.jenkins-ci.plugins:credentials-binding] Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
Credentials Binding Plugin 1.23 now masks secrets when the build contains no build steps.
Referenc…
[org.jenkins-ci.plugins:credentials-binding] Improper masking of some secrets in Jenkins Credentials Binding Plugin
Credentials Binding Plugin allows specifying passwords and other secrets as environment variables, and will hide them from console output in builds. As a side effect of the fix for SECURITY-698, $ characters in secrets are escaped to $$. This will then…