MODERATE

[org.jenkins-ci.plugins:sqlplus-script-runner] Password written to the build log by Jenkins SQLPlus Script Runner Plugin

SQLPlus Script Runner Plugin 2.0.12 and earlier prints the sqlplus command invocation to the build log.
This log message does not redact a password provided as part of a command line argument. This password can be viewed by users with Item/Read permiss…

[org.jenkins-ci.plugins:azure-keyvault] Missing permission checks in Jenkins Azure Key Vault Plugin allow enumerating credentials IDs

Azure Key Vault Plugin 2.0 and earlier does not perform permission checks in several HTTP endpoints.
This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attac…

[org.jenkins-ci.plugins:active-directory] CSRF vulnerability in Jenkins Active Directory Plugin

Active Directory Plugin 2.19 and earlier does not require POST requests for multiple HTTP endpoints implementing connection and authentication tests, resulting in cross-site request forgery (CSRF) vulnerabilities.
This vulnerability allows attackers to…

[org.jenkins-ci.plugins:active-directory] Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page

Active Directory Plugin 2.19 and earlier does not perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read permission to access the domain health check diagnostic page.
Active Directory Plugin 2.20 requires Overall/Admini…

[com.barchart.jenkins:maven-release-cascade] Missing permission checks in Jenkins Maven Cascade Release Plugin

Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.
References

http…

[com.barchart.jenkins:maven-release-cascade] CSRF vulnerability in Jenkins Maven Cascade Release Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-22…

[org.jenkins-ci.plugins:shared-objects] CSRF vulnerability in Jenkins Shared Objects Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2296
https://www.jenkins.io/security/advisory/2020-1…

[org.jenkins-ci.plugins:persona] Arbitrary file read vulnerability in Jenkins Persona Plugin

Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2293
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY…

[org.jenkins-ci.plugins:audit-trail] Incorrect default pattern in Jenkins Audit Trail Plugin

Audit Trail Plugin uses regular expressions to match requested URLs whose dispatch should be logged.
In Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would …

[org.jenkins-ci.plugins:liquibase-runner] Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs

Liquibase Runner Plugin 1.4.7 and earlier does not perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack …

TechMedia

Featured

[vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces

[github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire

[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control

[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter