TechMedia
Category: MODERATE (588 Posts)

Featured

  • [vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces
  • [github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire
  • [thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control
  • [thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter

[org.jenkins-ci.tools:git-parameter] Jenkins Git Parameter Plugin vulnerable to Stored cross-site scripting (XSS)

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/07/2023

Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
References

https://nvd.nist.gov/vuln/detai…

[org.jenkins-ci.plugins:pipeline-build-step] Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/14/2023

Pipeline GitHub Notify Step Plugin 1.0.4 and earlier provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use.
This functionality does not correctly check permissions, allowing any user with Overall/Re…

[org.jenkins-ci.plugins:fortify] Fortify Plugin stored credentials in plain text

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/20/2022

Fortify Plugin 19.1.29 and earlier stored its proxy server password unencrypted in job config.xml files. This password could be read by users with the Extended Read permission.
Fortify Plugin 19.2.30 now encrypts the proxy server password.
References

…

[io.jenkins.plugins:code-coverage-api] Stored XSS vulnerability in Code Coverage API Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/20/2022

Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view.
This results in a stored cross-site scripting vulnerability that can be exploited by users able to change the job configuration.
Code Cover…

[org.jenkins-ci.main:jenkins-core] Non-constant time HMAC comparison

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/20/2022

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison when checking whether two HMACs are equal. This could potentially allow attackers to use statistical methods to obtain a valid HMAC for an attacker-controlled in…

[org.jenkins-ci.main:jenkins-core] Non-constant time comparison of inbound TCP agent connection secret

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/20/2022

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison validating the connection secret when an inbound TCP agent connection is initiated. This could potentially allow attackers to use statistical methods to obtain t…

[org.jenkins-ci.main:jenkins-core] Jenkins Diagnostic page exposed session cookies

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/20/2022

Jenkins shows various technical details about the current user on the /whoAmI page. In a previous fix, the Cookie header value containing the HTTP session ID was redacted. However, user metadata shown on this page could also include the HTTP session ID…

[org.jenkins-ci.main:jenkins-core] Jenkins vulnerable to UDP amplification reflection attack

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/17/2022

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier supports two network discovery services (UDP multicast/broadcast and DNS multicast) by default.
The UDP multicast/broadcast service can be used in an amplification reflection attack, as very few bytes …

[org.jenkins-ci.main:jenkins-core] Memory usage graphs accessible to anyone with Overall/Read

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/27/2022

Jenkins includes a feature that shows a JVM memory usage chart for the Jenkins controller.
Access to the chart in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier requires no permissions beyond the general Overall/Read, allowing users who are not adm…

[org.jenkins-ci.ruby-plugins:gitlab-hook] Reflected XSS vulnerability in Jenkins gitlab-hook Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/22/2022

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2096
https://jenkins.io/security/advisory/2020-01-15…
