Multiple Jenkins Plugins Multiple Security Vulnerabilities
Jenkins plugins are prone to the following vulnerabilities:

1. A cross-site request forgery vulnerability
2. Multiple information disclosure vulnerabilities
3. Multiple cross-site scripting vulnerabilities
4. An HTML-injection vulnerability

An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application. This may aid in further attacks.

The following Jenkins plugin versions are vulnerable:

Caliper CI plugin version 2.3 and prior
Dependency Graph Viewer plugin version 0.13 and prior
Docker plugin version 1.1.6 and prior
Embeddable Build Status plugin version 2.0.1 and prior
Gogs plugin version 1.0.14 and prior
Mashup Portlets plugin version 1.0.9 and prior
Port Allocator plugin version 1.8 and prior