TechMedia

Category: MODERATE (588 posts)

Featured

  • [vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces
  • [github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire
  • [thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control
  • [thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter

[org.jenkins-ci.plugins:implied-labels] Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 (updated 12/27/2022)

Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read permission to configure the plugin.
Implied Labels Plugin 0.7 requires Overall/Administer permission to configure the…

[org.6wind.jenkins:lockable-resources] CSRF vulnerability in Jenkins Lockable Resources Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 (updated 01/13/2023)

Lockable Resources Plugin 2.8 and earlier does not require POST requests for several HTTP endpoints, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to reserve, unreserve, unlock, and reset resources….

[org.jvnet.hudson.plugins:storable-configs-plugin] Arbitrary file read vulnerability in Storable Configs Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 (updated 12/29/2022)

Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2277
https://www.jenkins.io/security/advisory/2020-09-16/#SEC…

[org.jvnet.hudson.plugins:storable-configs-plugin] Arbitrary file write vulnerability in Storable Configs Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 (updated 12/29/2022)

Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other ‘.xml’ file on the Jenkins controller with a job config.xml file’s content.
References…

[org.jvnet.hudson.plugins:copy-data-to-workspace-plugin] Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 (updated 12/29/2022)

Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.
Refe…
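The Storable Configs read and write advisories and the Copy data to workspace advisory above all come down to the same missing check: a user-supplied file name or directory is resolved on the controller without being confined to the directory the plugin intended. The following is an added example of that check, written for this page and not taken from any of the three plugins; the class name ControllerFileGuard and the method names are hypothetical. It shows the unchecked resolution beside a read-safe form (normalise, then require the result to stay under the root, re-checking through symlinks) and a stricter write-safe form for the "store a job config.xml" case, where the only legitimate input is a single plain `*.xml` file name.

```java
package io.example.jenkins;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;

/** Confines user-supplied file names to one directory on the controller (hypothetical helper). */
public final class ControllerFileGuard {
    private final Path root;

    public ControllerFileGuard(Path root) throws IOException {
        // toRealPath() resolves symlinks and fails if the directory is missing, so the
        // startsWith() checks below compare against a canonical prefix.
        this.root = root.toRealPath();
    }

    /** VULNERABLE: the name is trusted as given. "../../secrets/master.key" escapes root,
     *  and Path.resolve() returns an absolute argument such as "/etc/passwd" unchanged. */
    public Path resolveUnchecked(String userSupplied) {
        return root.resolve(userSupplied);
    }

    /** HARDENED, read case: normalise, require the result to stay under root, and if the
     *  target already exists, follow symlinks and check again. */
    public Path resolveForRead(String userSupplied) throws IOException {
        Path candidate = root.resolve(userSupplied).normalize();
        if (!candidate.startsWith(root)) {   // component-wise, so "/tmp/jobs2" is not under "/tmp/jobs"
            throw new IOException("refusing path outside " + root + ": " + userSupplied);
        }
        if (Files.exists(candidate, LinkOption.NOFOLLOW_LINKS)
                && !candidate.toRealPath().startsWith(root)) {
            throw new IOException("refusing symlink escaping " + root + ": " + userSupplied);
        }
        return candidate;
    }

    /** HARDENED, write case: a stored config is one file directly under root, so insist on
     *  exactly one relative path component ending in ".xml"; traversal is then impossible. */
    public Path resolveForWrite(String userSupplied) throws IOException {
        Path name = Paths.get(userSupplied);
        String leaf = name.getFileName() == null ? "" : name.getFileName().toString();
        if (name.isAbsolute() || name.getNameCount() != 1
                || !leaf.endsWith(".xml") || leaf.startsWith(".")) {
            throw new IOException("file name must be a plain *.xml name: " + userSupplied);
        }
        return resolveForRead(leaf);
    }

    // Demo on a temporary directory; expected: the first two names pass the read check,
    // only "config.xml" and "..xml" pass the write check, the rest are rejected.
    public static void main(String[] args) throws IOException {
        ControllerFileGuard guard = new ControllerFileGuard(Files.createTempDirectory("jobs"));
        String[] inputs = {"config.xml", "sub/config.xml", "..xml",
                           "../../secrets/master.key", "/etc/passwd", "../config.xml"};
        for (String in : inputs) {
            System.out.println("unchecked : " + in + " -> " + guard.resolveUnchecked(in));
            try {
                System.out.println("for read  : " + in + " -> " + guard.resolveForRead(in));
            } catch (IOException e) {
                System.out.println("for read  : " + in + " -> REJECTED (" + e.getMessage() + ")");
            }
            try {
                System.out.println("for write : " + in + " -> " + guard.resolveForWrite(in));
            } catch (IOException e) {
                System.out.println("for write : " + in + " -> REJECTED (" + e.getMessage() + ")");
            }
        }
    }
}
```

The extension check alone is the mistake the write advisory describes: restricting the name to `.xml` without restricting the directory still lets `../../config.xml` overwrite another job's configuration, which is why the write case rejects any name with more than one path component rather than trying to sanitise `..`.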

[org.jenkins-ci.plugins:elastest] CSRF vulnerability in ElasTest Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 (updated 12/29/2022)

A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2273
htt…

[org.jenkins-ci.plugins:elastest] Missing permission checks in ElasTest Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 (updated 12/29/2022)

A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-22…

[org.jenkins-ci.plugins:mongodb] Missing permission checks in MongoDB Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 (updated 12/29/2022)

A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2…

[org.jenkins-ci.plugins:mongodb] CSRF vulnerability in MongoDB Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 (updated 12/29/2022)

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2268
ht…

[io.jenkins.plugins:perfecto] Missing permission check in Perfecto Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 (updated 12/29/2022)

Perfecto Plugin 1.17 and earlier does not perform a permission check in a method implementing a connection test.
This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified username and passw…
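The Implied Labels, Lockable Resources, ElasTest, MongoDB and Perfecto advisories above are all instances of two closely related defects in a Jenkins plugin's web-bound methods: a `do…` endpoint that never calls `checkPermission`, so any user with Overall/Read can drive it, and an endpoint that accepts GET, so it can also be triggered cross-site. The following is an added example written for this page, not code from any of those plugins; the class name ExampleGlobalConfiguration and the method names are hypothetical, and the Jenkins and Stapler APIs it uses (`GlobalConfiguration`, `FormValidation`, `Secret`, `@QueryParameter`, `@POST`, `Jenkins.get().checkPermission`) are the real ones. It shows a "test connection" form-validation method first in the vulnerable shape the advisories describe, then hardened.

```java
package io.example.jenkins;

import hudson.Extension;
import hudson.util.FormValidation;
import hudson.util.Secret;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/**
 * Hypothetical global configuration page with a "Test connection" button. Stapler
 * exposes each doXxx method below at /descriptorByName/<this class>/xxx.
 */
@Extension
public class ExampleGlobalConfiguration extends GlobalConfiguration {

    public ExampleGlobalConfiguration() {
        load();
    }

    /*
     * VULNERABLE (the pattern in the advisories above, kept here for contrast):
     *  - no permission check, so every user who can reach the URL, i.e. anyone with
     *    Overall/Read, can make the controller connect to an arbitrary URL with
     *    arbitrary credentials;
     *  - bound to GET as well as POST, so a crafted <img src=...> on a page an
     *    administrator visits triggers it cross-site; no crumb is needed (CSRF).
     */
    public FormValidation doTestConnectionVulnerable(@QueryParameter String url,
                                                     @QueryParameter String username,
                                                     @QueryParameter String password) {
        return probe(url, username, password);
    }

    /*
     * HARDENED:
     *  - @POST makes Stapler reject GET with 405, and POST requests go through Jenkins'
     *    crumb (CSRF token) check;
     *  - checkPermission throws AccessDeniedException for anyone below
     *    Overall/Administer, before any network I/O happens;
     *  - the password is bound as a Secret rather than a plain String.
     */
    @POST
    public FormValidation doTestConnection(@QueryParameter String url,
                                           @QueryParameter String username,
                                           @QueryParameter Secret password) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return probe(url, username, Secret.toString(password));
    }

    // Shared probe: one authenticated GET with short timeouts.
    private static FormValidation probe(String url, String username, String password) {
        try {
            HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
            conn.setConnectTimeout(5_000);
            conn.setReadTimeout(5_000);
            String basic = Base64.getEncoder().encodeToString(
                    (username + ":" + password).getBytes(StandardCharsets.UTF_8));
            conn.setRequestProperty("Authorization", "Basic " + basic);
            int code = conn.getResponseCode();
            return code < 400
                    ? FormValidation.ok("Connected, HTTP " + code)
                    : FormValidation.error("Server answered HTTP " + code);
        } catch (IOException e) {
            return FormValidation.error(e, "Connection failed");
        }
    }
}
```

For a descriptor that belongs to a job-level step rather than global configuration, the same method would take an `@AncestorInPath Item item` parameter and call `item.checkPermission(Item.CONFIGURE)` (falling back to `Jenkins.get().checkPermission(Jenkins.ADMINISTER)` when `item` is null), which is the permission the fixed versions in these advisories require. Both fixes are needed: a permission check alone still leaves a GET endpoint open to CSRF by an administrator's browser, and `@POST` alone still lets any Overall/Read user call it directly.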
