Justin Philip

**Name of the Vulnerable Software and Affected Versions** Jenkins MSTest Plugin version 1.0.0 and earlier **Description** The issue is related to the configuration of the XML parser, which does not prevent XML external entity (XXE) attacks. **Recommendations** For Jenkins MSTest Plugin version 1.0.0 and earlier, update to a version that configures its XML parser to prevent XXE attacks.

**Name of the Vulnerable Software and Affected Versions** Jenkins EasyQA Plugin versions 1.0 and earlier **Description** The issue concerns the storage of user passwords in an unencrypted manner within the global configuration file on the Jenkins controller. Specifically, the passwords are stored in the `EasyQAPluginProperties.xml` file as part of the plugin's configuration. This allows users with access to the Jenkins controller file system to view these passwords. **Recommendations** For Jenkins EasyQA Plugin versions 1.0 and earlier, consider restricting access to the Jenkins controller file system to minimize the risk of password exposure. As a temporary workaround, limit the privileges of users who have access to the file system until a secure method of storing passwords is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Beaker builder Plugin versions 1.10 and earlier **Description** A cross-site request forgery (CSRF) issue allows attackers to connect to an attacker-specified URL. This can be exploited by attackers to perform unauthorized actions. **Recommendations** For Jenkins Beaker builder Plugin versions 1.10 and earlier, update to a version later than 1.10 to resolve the issue. As a temporary workaround, consider restricting access to the plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins Beaker builder Plugin versions 1.10 and earlier **Description** A missing permission check in the Jenkins Beaker builder Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL. This issue also results in a cross-site request forgery (CSRF) vulnerability because the form validation method does not require POST requests. **Recommendations** For Jenkins Beaker builder Plugin versions 1.10 and earlier, as a temporary workaround, consider restricting access to the plugin's form validation method until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Autocomplete Parameter Plugin versions 1.1 and earlier **Description** A cross-site request forgery (CSRF) issue allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator. **Recommendations** For Jenkins Autocomplete Parameter Plugin versions 1.1 and earlier, update to a version that fixes this issue to prevent arbitrary code execution. As a temporary workaround, consider restricting access to administrative functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins Publish Over FTP Plugin versions 1.16 and earlier **Description** The issue is related to missing permission checks in the Jenkins Publish Over FTP Plugin, which allows attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. **Recommendations** For Jenkins Publish Over FTP Plugin versions 1.16 and earlier, update to version 1.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin for users with Overall/Read permission to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins Publish Over FTP Plugin versions 1.16 and earlier **Description** A cross-site request forgery (CSRF) issue allows attackers to connect to an FTP server using attacker-specified credentials. **Recommendations** For Jenkins Publish Over FTP Plugin versions 1.16 and earlier, update to a version later than 1.16 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins Tests Selector Plugin version 1.3.3 and earlier **Description** The issue allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. **Recommendations** For Jenkins Tests Selector Plugin version 1.3.3 and earlier, update to a version later than 1.3.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins Environment Dashboard Plugin versions 1.1.10 and earlier **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the Environment order and the Component order configuration values in the views are not properly escaped. This vulnerability can be exploited by attackers who have View/Configure permission. **Recommendations** For Jenkins Environment Dashboard Plugin versions 1.1.10 and earlier, update to a version later than 1.1.10 to resolve the issue. As a temporary workaround, consider restricting access to the views that contain the Environment order and the Component order configuration values to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins Team Views Plugin version 0.9.0 and earlier **Description** The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because team names are not properly escaped, allowing attackers with Overall/Read permission to exploit the vulnerability. **Recommendations** For Jenkins Team Views Plugin version 0.9.0 and earlier, update to a version that properly escapes team names to prevent stored XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Jenkins Promoted Builds (Simple) Plugin versions 1.9 and earlier **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not properly escape the name of custom promotion levels. This can be exploited by attackers who have Overall/Administer permission. **Recommendations** For Jenkins Promoted Builds (Simple) Plugin versions 1.9 and earlier, update to a version later than 1.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins Publish Over SSH Plugin versions 1.22 and earlier **Description** The issue allows passwords to be stored unencrypted in the global configuration file on the Jenkins controller. This can be viewed by users with access to the Jenkins controller file system. **Recommendations** For Jenkins Publish Over SSH Plugin versions 1.22 and earlier, consider updating to a version that properly encrypts passwords in the global configuration file to prevent unauthorized access. As a temporary workaround, restrict access to the Jenkins controller file system to minimize the risk of password exposure.

**Name of the Vulnerable Software and Affected Versions** Jenkins Publish Over SSH Plugin versions 1.22 and earlier **Description** A cross-site request forgery (CSRF) issue allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. **Recommendations** For Jenkins Publish Over SSH Plugin versions 1.22 and earlier, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the SSH server configuration to minimize the risk of unauthorized connections.

**Name of the Vulnerable Software and Affected Versions** Jenkins Publish Over SSH Plugin versions 1.22 and earlier **Description** A missing permission check in the plugin allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. **Recommendations** For Jenkins Publish Over SSH Plugin versions 1.22 and earlier, update to a version later than 1.22 to resolve the issue. As a temporary workaround, consider restricting Overall/Read access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins Publish Over SSH Plugin versions 1.22 and earlier **Description** The issue allows attackers with Item/Configure permission to discover the name of the Jenkins controller files due to a path traversal vulnerability. This occurs because the plugin performs a validation of the file name, specifying whether it is present or not. **Recommendations** For Jenkins Publish Over SSH Plugin versions 1.22 and earlier, update to a version later than 1.22 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's file validation functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins Selenium HTML report Plugin versions 1.0 and earlier **Description** The issue arises from the plugin not configuring its XML parser to prevent XML external entity (XXE) attacks, allowing attackers who can control the report files parsed by this plugin to craft a report file that uses external entities. This can lead to the extraction of secrets from the Jenkins controller or server-side request forgery. **Recommendations** For Jenkins Selenium HTML report Plugin versions 1.0 and earlier, update to version 1.1 or later, which disables external entity resolution for its XML parser.

**Name of the Vulnerable Software and Affected Versions** Jenkins Generic Webhook Trigger Plugin versions 1.72 and earlier **Description** The issue allows attackers to have Jenkins parse a crafted XML request body that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. This is due to the XML parser not being configured to prevent XML external entity (XXE) attacks. Attackers with the ability to call webhooks configured to extract parameters using XPath can exploit this. **Recommendations** For Jenkins Generic Webhook Trigger Plugin versions 1.72 and earlier, update to version 1.74 or later, which disables external entity resolution for its XML parser.

**Name of the Vulnerable Software and Affected Versions** Jenkins Xray - Test Management for Jira Plugin versions 2.4.0 and earlier **Description** A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. This issue arises because the plugin does not require POST requests for a connection test method. **Recommendations** For Jenkins Xray - Test Management for Jira Plugin versions 2.4.0 and earlier, update to version 2.4.1 or later, which requires POST requests for the affected connection test method, mitigating the CSRF vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins P4 Plugin versions 1.11.4 and earlier **Description** A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified Perforce server using attacker-specified `username` and `password`. The issue is mitigated in version 1.11.5, which requires POST requests for the affected HTTP endpoints. **Recommendations** For Jenkins P4 Plugin versions 1.11.4 and earlier, update to version 1.11.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected HTTP endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins P4 Plugin versions 1.11.4 and earlier **Description** The issue allows attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified `username` and `password`. This is due to a lack of permission checks in multiple HTTP endpoints. **Recommendations** For Jenkins P4 Plugin versions 1.11.4 and earlier, update to version 1.11.5 or later, which requires Overall/Administer permission for the affected HTTP endpoints.