Ap4Sh

**Name of the Vulnerable Software and Affected Versions** Jenkins Script Security Plugin versions prior to 1399.ve6a 66547f6e1 **Description** A missing permission check allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. **Recommendations** Update to a version later than 1399.ve6a 66547f6e1.

**Name of the Vulnerable Software and Affected Versions** Jenkins Credentials Binding Plugin versions prior to 719.v80e905ef14eb **Description** Insufficient sanitization of file names for file and zip file credentials allows attackers who can provide credentials to a job to write files to arbitrary locations on the node filesystem. This can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node. **Recommendations** Update the plugin to a version later than 719.v80e905ef14eb .

**Name of the Vulnerable Software and Affected Versions** Jenkins GitHub Branch Source Plugin versions prior to 1967.vdea d580c1a b a **Description** A missing permission check allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified GitHub App credentials. **Recommendations** Update the plugin to a version later than 1967.vdea d580c1a b a .

Name of the Vulnerable Software and Affected Versions Apache Log4j Core versions up to and including 2.25.3 Description Apache Log4j Core's XmlLayout fails to sanitize characters forbidden by the XML 1.0 specification, resulting in invalid XML output when log messages or MDC values contain such characters. The impact varies depending on the StAX implementation used. With the JRE built-in StAX, forbidden characters are silently written, leading to malformed XML that may be rejected by parsers. With alternative StAX implementations like Woodstox, an exception is thrown, preventing the log event from being delivered to its intended appender. Recommendations Upgrade to Apache Log4j Core 2.25.4 to correct this issue.

Name of the Vulnerable Software and Affected Versions Apache Log4j versions up to and including 2.25.3 Description Apache Log4j's JsonTemplateLayout generates invalid JSON output when processing log events that include non-finite floating-point values (NaN, Infinity, or -Infinity), violating RFC 8259 standards. This can lead to downstream log processing systems rejecting or failing to index affected records. Exploitation requires the application to use JsonTemplateLayout and log a MapMessage containing a floating-point value controlled by an attacker. Recommendations Upgrade to Apache Log4j JSON Template Layout 2.25.4.

**Name of the Vulnerable Software and Affected Versions** Apache Log4j 1-to-Log4j 2 bridge versions prior to 2.25.4 **Description** The `Log4j1XmlLayout` component fails to escape characters forbidden by the XML 1.0 standard, resulting in malformed XML output. Because conforming XML parsers must reject documents containing these characters with a fatal error, downstream log processing systems may drop or fail to index the affected records. This issue affects users employing `Log4j1XmlLayout` directly in a Log4j Core 2 configuration file or those using the Log4j 1 configuration compatibility layer with `org.apache.log4j.xml.XMLLayout` specified as the layout class. **Recommendations** Upgrade to Apache Log4j 1-to-Log4j 2 bridge version 2.25.4.