Jenkins Plugins Multiple Security Vulnerabilities

Jenkins plugins are prone to the following vulnerabilities:

1. A cross-site scripting vulnerability
2. Multiple cross-site request forgery vulnerabilities
4. Multiple information disclosure vulnerabilities
5. An XML External Entity injection vulnerability

An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application. This may aid in further attacks.

The following Jenkins plugin versions are vulnerable:

Artifactory Plugin through 3.2.2
Gitea Plugin through 1.1.1
InfluxDB Plugin through 1.21
Pipeline Maven Integration Plugin through 3.7.0
Pipeline Remote Loader Plugin through 1.4
Warnings Next Generation Plugin through 5.0.0


 

Copyright 2010, SecurityFocus