Jenkins · Jenkins GitLab Branch Source Plugin · CVE-2024-23901
**Name of the Vulnerable Software and Affected Versions**
Jenkins GitLab Branch Source Plugin versions 684.vea_fa_7c1e2fe3 and earlier
**Description**
The issue is an insufficient access control weakness in the Jenkins GitLab Branch Source Plugin: the plugin unconditionally discovers projects that are shared with the configured owner group. A remote attacker who can configure a project and share it with that group can therefore get a crafted Pipeline from that project built by Jenkins during the next scan of the group.
**Recommendations**
For Jenkins GitLab Branch Source Plugin versions 684.vea_fa_7c1e2fe3 and earlier, update to a version that introduces the new "Discover shared projects" trait, such as GitLab Branch Source Plugin 688.v5fa_356ee8520, so that shared projects are only discovered when that trait is explicitly enabled. As a temporary workaround until the update is applied, restrict the plugin's ability to discover projects shared with the configured owner group.
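To check whether an instance is still on an affected release, the script below (an added example, not code from Jenkins or the plugin project) parses the plugin list as returned by Jenkins' `/pluginManager/api/json?depth=1` endpoint and orders the plugin's version against the bounds quoted above. It assumes the plugin's id is `gitlab-branch-source`, and it handles the quirk that Jenkins incremental versions such as `684.vea_fa_7c1e2fe3` order only by their leading build number; the sample JSON is constructed.

```python
import json
import re

# Version bounds quoted in the advisory (Jenkins incremental version strings).
AFFECTED_MAX = "684.vea_fa_7c1e2fe3"
FIXED_MIN = "688.v5fa_356ee8520"
# Plugin id as published on plugins.jenkins.io (assumption, not stated in the advisory).
PLUGIN_ID = "gitlab-branch-source"


def version_key(version: str) -> tuple:
    """Ordering key for Jenkins plugin versions.

    Incremental versions look like "<build>.v<git-hash>" and order by the leading
    build number only; the hash suffix carries no ordering information. Older
    releases used plain dotted numbers, which sort before every incremental version.
    """
    m = re.fullmatch(r"(\d+)\.v[0-9a-f_]+", version)
    if m:
        return (1, int(m.group(1)))
    return (0, tuple(int(p) for p in re.findall(r"\d+", version)))


def is_affected(version: str) -> bool:
    """True when the installed version is at or below the last affected build."""
    return version_key(version) <= version_key(AFFECTED_MAX)


def audit_plugins(plugin_manager_json: str) -> dict:
    """Report whether the GitLab Branch Source plugin is installed and affected.

    Input is the JSON body of /pluginManager/api/json?depth=1 (fields: shortName, version).
    """
    data = json.loads(plugin_manager_json)
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") == PLUGIN_ID:
            version = str(plugin.get("version", ""))
            return {"installed": True, "version": version,
                    "affected": is_affected(version), "fixed_in": FIXED_MIN}
    return {"installed": False, "version": None, "affected": False, "fixed_in": FIXED_MIN}


# Constructed sample shaped like the plugin manager API response (not real output).
SAMPLE_PLUGIN_MANAGER_JSON = json.dumps({
    "plugins": [
        {"shortName": "git", "version": "5.2.1", "active": True},
        {"shortName": "gitlab-branch-source", "version": "684.vea_fa_7c1e2fe3", "active": True},
    ]
})

if __name__ == "__main__":
    print(audit_plugins(SAMPLE_PLUGIN_MANAGER_JSON))
```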