Yaroslav Afenkin

**Nome do Software Vulnerável e Versões Afetadas** Plugin Jenkins Redpen - Pipeline Reporter for Jira versões 1.054.v7b 9517b 6b 202 e anteriores **Descrição** O Plugin Jenkins Redpen - Pipeline Reporter for Jira não valida adequadamente os caminhos de arquivo dentro do diretório de workspace durante o upload de artefatos para o Jira. Isso permite que usuários com permissões de Item/Configure acessem arquivos localizados no diretório de workspace do controller Jenkins. O problema decorre de validação de caminho insuficiente, potencialmente permitindo a recuperação não autorizada de arquivos. **Recomendações** Atualize o Plugin Jenkins Redpen - Pipeline Reporter for Jira para uma versão posterior à 1.054.v7b 9517b 6b 202.

**Nome do Software Vulnerável e Versões Afetadas** Plugin Jenkins GitLab versões 1.9.6 e anteriores **Descrição** O problema está relacionado a uma verificação de permissão incorreta no Plugin Jenkins GitLab. Isso permite que atacantes com permissão global Item/Configure, mas sem permissão Item/Configure em qualquer job específico, enumerem os IDs de credenciais de token da API do GitLab e credenciais de texto secreto armazenadas no Jenkins. Esses IDs de credenciais podem ser usados como parte de um ataque para capturar as credenciais utilizando outra vulnerabilidade. **Recomendações** Para as versões 1.9.6 e anteriores do Plugin Jenkins GitLab, atualize para a versão 1.9.7 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso à permissão global Item/Configure para minimizar o risco de exploração. Além disso, restrinja o acesso ao endpoint HTTP relacionado ao Plugin GitLab para prevenir a enumeração de IDs de credenciais.

**Nome do Software Vulnerável e Versões Afetadas** Plugin Jenkins Folder-based Authorization Strategy versões 217.vd5b 18537403e e anteriores **Descrição** O problema potencialmente permite que usuários aos quais foram anteriormente concedidas certas permissões acessem funcionalidades às quais não têm mais direito, porque o plugin não verifica se as permissões configuradas estão habilitadas. Isso geralmente envolve permissões opcionais. **Recomendações** Para o Plugin Jenkins Folder-based Authorization Strategy versões 217.vd5b 18537403e e anteriores, como solução temporária, considere revisar e validar manualmente as permissões configuradas para cada usuário para garantir que estejam alinhadas com os níveis de acesso pretendidos, até que uma correção esteja disponível.

**Nome do software vulnerável e versões afetadas** Plugin Jenkins Delphix, versões 3.0.1 a 3.1.0 **Descrição** A opção global que permite aos administradores ativar ou desativar a validação de certificados SSL/TLS para conexões com o Data Control Tower (DCT) só entra em vigor após a reinicialização do Jenkins ao mudar da validação desativada para a ativada. **Recomendações** Para as versões 3.0.1 a 3.1.0 do plugin Jenkins Delphix, reinicie o Jenkins após mudar da validação de certificados SSL/TLS desativada para ativada, a fim de garantir que a alteração entre em vigor.

**Nome do software vulnerável e versões afetadas** Plugin Jenkins iceScrum, versões 1.1.6 e anteriores **Descrição** A falha resulta em uma vulnerabilidade de script entre sites (XSS) armazenada. Isso ocorre porque o plugin não sanitiza as URLs dos projetos iceScrum nas visualizações de compilação. Invasores com permissão para configurar tarefas podem explorar essa vulnerabilidade. **Recomendações** Para as versões 1.1.6 e anteriores, atualize para uma versão que corrija a sanitização das URLs dos projetos iceScrum para evitar ataques XSS armazenados.

**Nome do software vulnerável e versões afetadas** Plugin Jenkins GitLab Branch Source, versões 684.vea fa 7c1e2fe3 e anteriores **Descrição** O problema está relacionado ao uso de uma função de comparação de tempo não constante ao verificar se o token de webhook fornecido e o esperado são iguais. Isso permite, potencialmente, que invasores utilizem métodos estatísticos para obter um token de webhook válido, o que poderia levar ao acesso não autorizado a informações confidenciais. **Recomendações** Para as versões 684.vea fa 7c1e2fe3 e anteriores do Jenkins GitLab Branch Source Plugin, atualize para uma versão que utilize uma função de comparação de tempo constante, como a versão 688.v5fa 356ee8520, para impedir que invasores obtenham um token de webhook válido usando métodos estatísticos.

**Name of the Vulnerable Software and Affected Versions** Jenkins NeuVector Vulnerability Scanner Plugin versions 1.22 and earlier **Description** A cross-site request forgery (CSRF) vulnerability exists due to the lack of permission checks in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified `username` and `password`. This endpoint also does not require POST requests, further contributing to the vulnerability. **Recommendations** For Jenkins NeuVector Vulnerability Scanner Plugin versions 1.22 and earlier, consider updating to version 2.2 or later, which requires POST requests and Overall/Administer permission for the affected HTTP endpoint, thus mitigating the issue. As a temporary workaround, restrict access to the connection test HTTP endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins NeuVector Vulnerability Scanner Plugin versions 1.22 and earlier **Description** A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified `username` and `password`. The connection test HTTP endpoint is vulnerable, and it does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. **Recommendations** For Jenkins NeuVector Vulnerability Scanner Plugin versions 1.22 and earlier, consider upgrading to version 2.2 or later, which requires POST requests and Overall/Administer permission for the affected HTTP endpoint. As a temporary workaround, restrict access to the connection test HTTP endpoint to minimize the risk of exploitation. Avoid using the `username` and `password` variables in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Jenkins Edgewall Trac Plugin versions 1.13 and earlier **Description** The issue results in a stored cross-site scripting (XSS) vulnerability because the Trac website URL on the build page is not escaped. This vulnerability is exploitable by attackers with Item/Configure permission. **Recommendations** For versions 1.13 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Zanata Plugin versions 0.6 and earlier **Description** The issue is related to the use of a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal. This potentially allows attackers to use statistical methods to obtain a valid webhook token. **Recommendations** For Jenkins Zanata Plugin versions 0.6 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Multibranch Scan Webhook Trigger Plugin versions 1.0.9 and earlier **Description** The issue is related to information disclosure. It potentially allows a remote attacker to gain unauthorized access to protected information. The problem lies in the non-constant time comparison function used when checking the provided and expected webhook token for equality. This could allow attackers to use statistical methods to obtain a valid webhook token. **Recommendations** For Jenkins Multibranch Scan Webhook Trigger Plugin versions 1.0.9 and earlier, as a temporary workaround, consider disabling the webhook token comparison function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins MSTeams Webhook Trigger Plugin versions 0.1.1 and earlier **Description** The issue is related to information disclosure. It may allow a remote attacker to gain unauthorized access to protected information. The problem lies in the non-constant time comparison function used when checking the provided and expected webhook token for equality. This potentially allows attackers to use statistical methods to obtain a valid webhook token. **Recommendations** For Jenkins MSTeams Webhook Trigger Plugin versions 0.1.1 and earlier, as a temporary workaround, consider disabling the webhook token comparison function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins GitHub Plugin versions 1.37.3 and earlier **Description** The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the GitHub project URL on the build page is not properly escaped when showing changes. Attackers with Item/Configure permission can exploit this vulnerability. **Recommendations** For Jenkins GitHub Plugin versions 1.37.3 and earlier, update to version 1.37.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the build page for users with Item/Configure permission until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Jenkins versions 2.423 and earlier, LTS versions 2.414.1 and earlier **Description** The issue is related to the lack of escaping of the `caption` constructor parameter value of `ExpandableDetailsNote`, resulting in a stored cross-site scripting (XSS) vulnerability. This vulnerability can be exploited by attackers who can control this parameter, potentially allowing them to manage files in workspaces. The `ExpandableDetailsNote` feature allows annotating build log content with additional information that can be revealed when interacted with. **Recommendations** For Jenkins versions 2.423 and earlier, update to version 2.424 or later. For LTS versions 2.414.1 and earlier, update to version 2.414.2 or later. As a temporary workaround, consider restricting access to the `ExpandableDetailsNote` feature until a patch is available. Avoid using the `caption` parameter in the affected `ExpandableDetailsNote` constructor until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Jenkins Build Failure Analyzer Plugin versions 2.4.1 and earlier **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the Jenkins Build Failure Analyzer Plugin does not escape Failure Cause names in build logs. This makes it exploitable by attackers who can create or update Failure Causes. **Recommendations** For Jenkins Build Failure Analyzer Plugin versions 2.4.1 and earlier, update to version 2.4.2 or later, which escapes Failure Cause names in build logs, to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins Azure AD Plugin versions 396.v86ce29279947 and earlier, except 378.380.v545b 1154b 3fb **Description** The issue is related to a non-constant time comparison function used when checking whether the provided and expected CSRF protection nonce are equal. This potentially allows attackers to use statistical methods to obtain a valid nonce. **Recommendations** For Jenkins Azure AD Plugin versions 396.v86ce29279947 and earlier, except 378.380.v545b 1154b 3fb , consider updating to a version that uses a constant time comparison function to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins SSH2 Easy Plugin versions 1.4 and earlier **Description** The issue is related to the verification of permissions configured to be granted. It potentially allows users who were formerly granted certain permissions, such as Overall/Manage, to access functionality they are no longer entitled to. This is because the plugin does not verify that these permissions are enabled. **Recommendations** For Jenkins SSH2 Easy Plugin versions 1.4 and earlier, consider updating to a version that includes the fix for this issue, as the current version does not properly verify permissions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Pipeline Maven Integration Plugin versions 1330.v18e473854496 and earlier **Description** The issue concerns the Jenkins Pipeline Maven Integration Plugin, which does not properly mask usernames of credentials specified in custom Maven settings in Pipeline build logs when "Treat username as secret" is checked. This affects the security of credentials by potentially exposing them in the build logs. **Recommendations** For Jenkins Pipeline Maven Integration Plugin versions 1330.v18e473854496 and earlier, consider disabling the "Treat username as secret" option until a patch is available, or restrict access to the Pipeline build logs to minimize the risk of credential exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Assembla Auth Plugin versions 1.14 and earlier **Description** The issue results in users with EDIT permissions being granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted. This occurs because the plugin does not verify that the permissions it grants are enabled. **Recommendations** For Jenkins Assembla Auth Plugin versions 1.14 and earlier, update to a version that includes the fix for this issue to prevent users with EDIT permissions from being granted unnecessary permissions.

**Name of the Vulnerable Software and Affected Versions** Jenkins Frugal Testing Plugin versions 1.1 and earlier **Description** A cross-site request forgery (CSRF) vulnerability allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username. **Recommendations** For Jenkins Frugal Testing Plugin versions 1.1 and earlier, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.