Jenkins shows various technical details about the current user on the /whoAmI page. In a previous fix, the Cookie header value containing the HTTP session ID was redacted. However, user metadata shown on this page could also include the HTTP session ID…
[org.jenkins-ci.main:jenkins-core] Non-constant time comparison of inbound TCP agent connection secret
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison validating the connection secret when an inbound TCP agent connection is initiated. This could potentially allow attackers to use statistical methods to obtain t…
[org.jenkins-ci.main:jenkins-core] Non-constant time HMAC comparison
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison when checking whether two HMACs are equal. This could potentially allow attackers to use statistical methods to obtain a valid HMAC for an attacker-controlled in…
[org.jenkins-ci.main:jenkins-core] Jenkins vulnerable to UDP amplification reflection attack
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier supports two network discovery services (UDP multicast/broadcast and DNS multicast) by default.
The UDP multicast/broadcast service can be used in an amplification reflection attack, as very few bytes …
[papercrop] papercrop does not properly handle crop input
The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input.
References
https://nvd.nist.gov/vuln/detail/CVE-2015-2784
https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579
https://github.com…
[org.jenkins-ci.plugins:sounds] Missing permission checks in Jenkins Sounds Plugin allow OS command execution
Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins.
References
https://nvd.ni…
[org.jenkins-ci.plugins:robot] XXE vulnerability in Jenkins Robot Framework Plugin
Robot Framework Plugin 2.0.0 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.
This allows a user able to control the input files for the ‘Publish Robot Framework’ post-build step to have Jenkins parse a crafte…
[org.jenkins-ci.plugins:cloudbees-jenkins-advisor] Missing permission checks in Health Advisor by CloudBees Plugin
Health Advisor by CloudBees Plugin 3.0 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to send an email with fixed content to an attacker-specified recipient.
Additionally…
[com.redgate.plugins.redgatesqlci:redgate-sql-ci] Redgate SQL Change Automation Plugin stored credentials in plain text
Redgate SQL Change Automation Plugin 2.0.4 and earlier stores a NuGet API key unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller f…
[org.jenkins-ci.ruby-plugins:gitlab-hook] Reflected XSS vulnerability in Jenkins gitlab-hook Plugin
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-2096
https://jenkins.io/security/advisory/2020-01-15…