Updated 2020-09-16
This entry previously misidentified the problematic behavior. The HTTP request itself is legitimate, but only authorized users should be able to perform it.
Original Description
Blue Ocean Plugin 1.23.2 and earlier does not perform p…
[org.jenkins-ci.plugins:cloudbees-jenkins-advisor] Incorrect permission check in Health Advisor by CloudBees Plugin
Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read permission to view an administrative configuration page.
Health Advisor by CloudBees Plugin …
[org.jenkins-ci.plugins:email-ext] Missing hostname validation in Email Extension Plugin
Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections.
Email Extension Plugin …
[io.jenkins.blueocean:blueocean] Path traversal vulnerability in Blue Ocean Plugin
Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag, blueocean.features.GIT_READ_SAVE_TYPE, that when set to the value clone allows an attacker with Item/Configure or Item/Create permission to read arbitrary files on the Jenkins …
[org.jenkins-ci.plugins:soapui-pro-functional-testing] Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
ReadyAPI Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files as part of its configuration. These project passwords can be viewed by attackers with Extended Read permission or access to the Jenkins cont…
[org.jenkins-ci.plugins:soapui-pro-functional-testing] Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
ReadyAPI Functional Testing Plugin stores project passwords in job config.xml files on the Jenkins controller as part of its configuration.
While these passwords are stored encrypted on disk since ReadyAPI Functional Testing Plugin 1.4, they are transm…
[org.jenkins-ci.plugins:database] CSRF vulnerability in Jenkins Database Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials.
Database Plugin 1.7 requires POST requests for the a…
[org.jenkins-ci.plugins:database] Missing permission checks in Jenkins Database Plugin
A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials.
Database Plugin 1.7 requires Overall/Ad…
[org.jenkins-ci.plugins:flaky-test-handler] CSRF vulnerability in Jenkins Flaky Test Handler Plugin
Flaky Test Handler Plugin 1.0.4 and earlier does not require POST requests for the “Deflake this build” feature, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to rebuild a project at a previous git …
[org.jenkins-ci.main:jenkins-core] Improper Neutralization of Input During Web Page Generation in Jenkins
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via ‘Trigger builds remotely’, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure per…