Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings, which disables it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle …
[katello] katello Improper Privilege Management vulnerability
A flaw was found in Foreman’s katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the r…
[katello] katello SQL Injection vulnerability
A SQL injection flaw was found in katello’s errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix fo…
[org.jenkins-ci.plugins:jira] Jenkins Jira Plugin Incorrect Authorization vulnerability
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtain…
[org.jenkins-ci.plugins:ansible] Jenkins Ansible Plugin man in the middle vulnerability
A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybo…
[org.jenkins-ci.plugins:jenkins-multijob-plugin] Jenkins Multijob plugin did not check permissions in the Resume Build action
Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. Multijob plugin 1.26 introduced a permission check requiring Overall/Administer. This w…
[smalruby] smalruby and smalruby-editor vulnerable to OS Command Injection
smalruby-editor prior to 0.4.1 and smalruby prior to 0.1.11 allow remote attackers to execute arbitrary OS commands via unspecified vectors.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-2096
http://jvn.jp/en/jp/JVN50197114/index.html
http://s…
[org.jenkins-ci.plugins:groovy] Jenkins Groovy Plugin sandbox bypass vulnerability
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can res…
[org.jenkins-ci.plugins:groovy] Jenkins Groovy Plugin sandbox bypass vulnerability
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JV…
[mixlib-archive] mixlib-archive Path Traversal vulnerability
Chef Software’s mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using .. in tar archive entries.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-1000026
http…