Filtered by vendor Jenkins
Subscribe
Total
1465 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-36478 | 3 Debian, Eclipse, Jenkins | 3 Debian Linux, Jetty, Jenkins | 2024-06-21 | N/A | 7.5 HIGH |
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. | |||||
CVE-2024-23898 | 1 Jenkins | 1 Jenkins | 2024-05-14 | N/A | 8.8 HIGH |
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller. | |||||
CVE-2022-27211 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-02-16 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2024-23905 | 1 Jenkins | 1 Red Hat Dependency Analytics | 2024-02-05 | N/A | 5.4 MEDIUM |
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | |||||
CVE-2023-50779 | 1 Jenkins | 1 Paaslane Estimate | 2024-02-05 | N/A | 4.3 MEDIUM |
Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token. | |||||
CVE-2023-50776 | 1 Jenkins | 1 Paaslane Estimate | 2024-02-05 | N/A | 4.3 MEDIUM |
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
CVE-2023-49652 | 1 Jenkins | 1 Google Compute Engine | 2024-02-05 | N/A | 2.7 LOW |
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1. | |||||
CVE-2023-49674 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2024-02-05 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | |||||
CVE-2024-23902 | 1 Jenkins | 1 Github Branch Source | 2024-02-05 | N/A | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. | |||||
CVE-2024-23899 | 1 Jenkins | 1 Git Server | 2024-02-05 | N/A | 6.5 MEDIUM |
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system. | |||||
CVE-2023-50764 | 1 Jenkins | 1 Scriptler | 2024-02-05 | N/A | 8.1 HIGH |
Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system. | |||||
CVE-2023-49653 | 1 Jenkins | 1 Jira | 2024-02-05 | N/A | 6.5 MEDIUM |
Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | |||||
CVE-2023-49654 | 1 Jenkins | 1 Matlab | 2024-02-05 | N/A | 9.8 CRITICAL |
Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system. | |||||
CVE-2023-50770 | 1 Jenkins | 1 Openid | 2024-02-05 | N/A | 6.7 MEDIUM |
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins. | |||||
CVE-2023-50777 | 1 Jenkins | 1 Paaslane Estimate | 2024-02-05 | N/A | 4.3 MEDIUM |
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
CVE-2023-50775 | 1 Jenkins | 1 Deployment Dashboard | 2024-02-05 | N/A | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs. | |||||
CVE-2023-50771 | 1 Jenkins | 1 Openid | 2024-02-05 | N/A | 6.1 MEDIUM |
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
CVE-2023-50768 | 1 Jenkins | 1 Nexus Platform | 2024-02-05 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2023-50774 | 1 Jenkins | 1 Html Resource | 2024-02-05 | N/A | 8.1 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system. | |||||
CVE-2024-23904 | 1 Jenkins | 1 Log Command | 2024-02-05 | N/A | 7.5 HIGH |
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system. |