Re: Multiple vulnerabilities in Jenkins plugins

oss-sec mailing list archives

From: Daniel Beck <ml () beckweb net>

Date: Thu, 28 Mar 2019 19:53:45 +0100

On 25. Mar 2019, at 16:09, Daniel Beck <ml () beckweb net> wrote:

SECURITY-1353
Sandbox protection in the Script Security and Pipeline: Groovy Plugins 
could be circumvented through methods supporting type casts and type 
coercion. This allowed attackers to invoke constructors for arbitrary types.

CVE-2019-1003040 (Script Security) and CVE-2019-1003041 (Pipeline: Groovy)

SECURITY-1361
Lockable Resources Plugin did not properly escape resource names in 
generated JavaScript code, thus leading to a cross-site scripting (XSS) 
vulnerability.

CVE-2019-1003042

SECURITY-976
[Slack Notification Plugin] did not perform permission checks on a method 
implementing form validation. This allowed users with Overall/Read access 
to Jenkins to connect to an attacker-specified URL using attacker-specified 
credentials IDs obtained through another method, capturing credentials 
stored in Jenkins.

CVE-2019-1003043

Additionally, this form validation method did not require POST requests, 
resulting in a cross-site request forgery vulnerability.

CVE-2019-1003044

SECURITY-846
ECS Publisher Plugin stored the API token unencrypted in jobs' config.xml 
files and its global configuration file on the Jenkins master. This token 
could be viewed by users with Extended Read permission, or access to the 
master file system.

CVE-2019-1003045

SECURITY-992
A missing permission check in multiple form validation methods in Fortify 
on Demand Uploader Plugin allowed users with Overall/Read permission to 
initiate a connection test to an attacker-specified server.

CVE-2019-1003047

Additionally, the form validation methods did not require POST requests, 
resulting in a CSRF vulnerability.

CVE-2019-1003046

SECURITY-1089
PRQA Plugin stored a password unencrypted in its global configuration file 
on the Jenkins master. This password could be viewed by users with access 
to the master file system.

CVE-2019-1003048
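
Two of the defect classes in this advisory recur across Jenkins plugins: a form validation method that any user with Overall/Read can reach over GET with no permission check (SECURITY-976, SECURITY-992, and the CSRF half of each), and a secret persisted as a plain String in the plugin's XML (SECURITY-846, SECURITY-1089). The following is an added illustration, not code from the advisory or from any of the plugins it names: "ExampleNotifier" is a hypothetical build step whose descriptor shows the unsafe method beside the hardened one, and a global token held as `hudson.util.Secret` rather than `String`. The method and field names are invented for the example; the Jenkins and Stapler APIs used are the standard ones.

```java
// Added example, not code from the advisory or from any of the plugins it names.
// "ExampleNotifier" is a hypothetical Jenkins build step written to show:
//  - SECURITY-976 / SECURITY-992 pattern: a form-validation method reachable over
//    GET with no permission check, versus @RequirePOST plus an explicit check;
//  - SECURITY-846 / SECURITY-1089 pattern: a token kept as String (persisted in
//    plaintext XML) versus hudson.util.Secret (persisted encrypted).
import hudson.Extension;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.model.Item;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.BuildStepMonitor;
import hudson.tasks.Notifier;
import hudson.tasks.Publisher;
import hudson.util.FormValidation;
import hudson.util.Secret;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.net.MalformedURLException;
import java.net.URL;

public class ExampleNotifier extends Notifier {

    @DataBoundConstructor
    public ExampleNotifier() {
    }

    @Override
    public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListener listener) {
        listener.getLogger().println("ExampleNotifier: nothing to do in this example");
        return true;
    }

    @Override
    public BuildStepMonitor getRequiredMonitorService() {
        return BuildStepMonitor.NONE;
    }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Publisher> {

        // A plain "private String apiToken;" would be written to this descriptor's XML
        // file verbatim, readable by anyone with master file system access. Secret is
        // serialized encrypted by Jenkins' XStream converter; decrypt only at point of use.
        private Secret apiToken;

        public DescriptorImpl() {
            load();
        }

        public Secret getApiToken() { return apiToken; }

        public void setApiToken(Secret apiToken) {
            this.apiToken = apiToken;
            save();
        }

        // BEFORE: plain GET, no permission check. Any user with Overall/Read can make
        // the master connect to a URL of their choosing, and a cross-site page can
        // trigger it on behalf of a logged-in user (CSRF).
        public FormValidation doTestConnectionUnsafe(@QueryParameter String url) {
            return checkEndpoint(url);
        }

        // AFTER: @RequirePOST makes Stapler reject GET and enforce the CSRF crumb;
        // the explicit check ties the action to Configure on the item being edited,
        // or Administer when invoked from global configuration (no item in the path).
        @RequirePOST
        public FormValidation doTestConnection(@AncestorInPath Item item, @QueryParameter String url) {
            if (item == null) {
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            } else {
                item.checkPermission(Item.CONFIGURE);
            }
            return checkEndpoint(url);
        }

        // The outbound connection is replaced by URL syntax validation so the example
        // has no network side effect; a real plugin would connect after the checks above.
        static FormValidation checkEndpoint(String url) {
            if (url == null || url.trim().isEmpty()) {
                return FormValidation.error("URL is required");
            }
            try {
                URL parsed = new URL(url.trim());
                if (!"https".equals(parsed.getProtocol())) {
                    return FormValidation.warning("Non-HTTPS endpoint");
                }
                return FormValidation.ok("Looks valid");
            } catch (MalformedURLException e) {
                return FormValidation.error(e, "Not a valid URL");
            }
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Example notifier (added illustration)";
        }
    }
}
```

The two halves of the fix are independent and both are needed: `@RequirePOST` alone still lets any authenticated user with Overall/Read trigger the connection test, and the permission check alone still leaves a GET-reachable endpoint open to cross-site request forgery. The same split applies when a method looks up credentials by ID on the caller's behalf, which is what turned the Slack case into credential capture: the lookup has to be gated by the same item-level permission, not by Overall/Read.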
