Long Nguyen

**Name of the Vulnerable Software and Affected Versions** WP Job Portal versions prior to 2.3.9 **Description** The WP Job Portal plugin for WordPress is susceptible to Stored Cross-Site Scripting in all versions up to and including 2.3.9. The issue stems from the plugin explicitly allowing the `<script>` tag in its `WPJOBPORTAL ALLOWED TAGS` configuration and inadequate input sanitization when saving job descriptions. This allows authenticated attackers with Editor-level access or higher to inject arbitrary web scripts into job description fields through the job creation/editing interface. These scripts execute when a user accesses the affected page, potentially enabling session hijacking and credential theft. This impacts multi-site installations or those with unfiltered html disabled. **Recommendations** Update to a version of WP Job Portal later than 2.3.9.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal versions prior to 2.4.1 **Description** The WP Job Portal plugin for WordPress is susceptible to an issue allowing unauthorized access to files. Authenticated attackers with Subscriber-level access or higher can potentially read arbitrary files on the server, potentially exposing sensitive information. The issue resides within the `downloadCustomUploadedFile` function. **Recommendations** Update WP Job Portal to version 2.4.1 or later.

**Name of the Vulnerable Software and Affected Versions** Jenkins TestQuality Updater Plugin version 1.3 and earlier **Description** The issue concerns the storage of the TestQuality Updater password in the global configuration file on the Jenkins controller. This password is stored unencrypted, allowing users with access to the Jenkins controller file system to view it. **Recommendations** For Jenkins TestQuality Updater Plugin version 1.3 and earlier, update the plugin to a version that securely stores the TestQuality Updater password.

**Name of the Vulnerable Software and Affected Versions** Jenkins SmallTest Plugin versions 1.0.4 and earlier **Description** The issue is related to the lack of hostname validation when connecting to the configured View26 server. This could be exploited using a man-in-the-middle attack to intercept these connections. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Jenkins SmallTest Plugin versions 1.0.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins View26 Test-Reporting Plugin versions 1.0.7 and earlier **Description** The issue concerns a lack of hostname validation when connecting to the configured View26 server. This could be exploited using a man-in-the-middle attack to intercept these connections. **Recommendations** For Jenkins View26 Test-Reporting Plugin versions 1.0.7 and earlier, consider disabling the plugin until a patch is available to prevent potential man-in-the-middle attacks. Restrict access to the View26 server configuration to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins HPE Network Virtualization Plugin version 1.0 **Description** The issue concerns the storage of passwords in an unencrypted manner within the global configuration file on the Jenkins controller. Specifically, the `org.jenkinsci.plugins.nvemulation.plugin.NvEmulationBuilder.xml` file contains these unencrypted passwords as part of its configuration. Users with access to the Jenkins controller file system can view these passwords. **Recommendations** For Jenkins HPE Network Virtualization Plugin version 1.0, consider restricting access to the Jenkins controller file system to minimize the risk of password exposure. As a temporary workaround, limit the privileges of users who have access to the file system to reduce potential damage.

**Name of the Vulnerable Software and Affected Versions** Jenkins Elasticsearch Query Plugin versions 1.2 and earlier **Description** The issue concerns the storage of a password in an unencrypted form within the global configuration file on the Jenkins controller. Specifically, the password is stored in the `org.jenkinsci.plugins.elasticsearchquery.ElasticsearchQueryBuilder.xml` file, making it accessible to users with file system access to the Jenkins controller. **Recommendations** For Jenkins Elasticsearch Query Plugin versions 1.2 and earlier, consider restricting access to the Jenkins controller file system to minimize the risk of password exposure until a fix is available. As a temporary workaround, restrict access to the `org.jenkinsci.plugins.elasticsearchquery.ElasticsearchQueryBuilder.xml` file to prevent unauthorized viewing of the unencrypted password.

**Name of the Vulnerable Software and Affected Versions** Jenkins Jigomerge Plugin versions 0.9 and earlier **Description** The issue allows passwords to be stored unencrypted in job `config.xml` files on the Jenkins controller. Users with Extended Read permission or access to the Jenkins controller file system can view these passwords. **Recommendations** For Jenkins Jigomerge Plugin versions 0.9 and earlier, consider restricting access to the Jenkins controller file system and limiting Extended Read permission to minimize the risk of password exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins RocketChat Notifier Plugin versions 1.5.2 and earlier **Description** The issue concerns the storage of sensitive information in the global configuration file on the Jenkins controller. Specifically, the login password and webhook token are stored unencrypted, allowing users with access to the Jenkins controller file system to view them. The configuration file in question is `RocketChatNotifier.xml`. **Recommendations** For Jenkins RocketChat Notifier Plugin versions 1.5.2 and earlier, consider restricting access to the Jenkins controller file system to minimize the risk of sensitive information exposure. As a temporary workaround, limit user access to the `RocketChatNotifier.xml` file until a secure storage solution is implemented.

**Name of the Vulnerable Software and Affected Versions** Jenkins Failed Job Deactivator Plugin versions 1.2.1 and earlier Jenkins versions 2.286 and earlier Jenkins LTS versions 2.277.1 and earlier **Description** A cross-site request forgery (CSRF) issue allows attackers to disable jobs. This issue is exploitable in specific versions of Jenkins. **Recommendations** For Jenkins Failed Job Deactivator Plugin versions 1.2.1 and earlier, update to a version later than 1.2.1. For Jenkins versions 2.286 and earlier, update to a version later than 2.286. For Jenkins LTS versions 2.277.1 and earlier, update to a version later than 2.277.1.

**Name of the Vulnerable Software and Affected Versions** Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier **Description** The issue concerns the storage of a password in an unencrypted form in the global configuration file on the Jenkins controller. This file, specifically `de.codecentric.jenkins.dashboard.DashboardView.xml`, contains the password as part of its configuration. Users with access to the Jenkins controller file system can view this password. **Recommendations** For Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier, consider removing or encrypting the password stored in the `de.codecentric.jenkins.dashboard.DashboardView.xml` file to prevent unauthorized access. As a temporary workaround, restrict access to the Jenkins controller file system to minimize the risk of the password being viewed by unauthorized users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Build Notifications Plugin versions 1.5.0 and earlier **Description** The issue allows users with access to the Jenkins controller file system to view tokens stored unencrypted in the plugin's global configuration files. Specifically, multiple tokens are stored unencrypted, including the Pushover Application Token in `tools.devnull.jenkins.plugins.buildnotifications.PushoverNotifier.xml`, the Slack Bot Token in `tools.devnull.jenkins.plugins.buildnotifications.SlackNotifier.xml`, and the Telegram Bot Token in `tools.devnull.jenkins.plugins.buildnotifications.TelegramNotifier.xml`. **Recommendations** For Jenkins Build Notifications Plugin versions 1.5.0 and earlier, consider restricting access to the Jenkins controller file system to minimize the risk of token exposure. As a temporary workaround, restrict access to the configuration files `tools.devnull.jenkins.plugins.buildnotifications.PushoverNotifier.xml`, `tools.devnull.jenkins.plugins.buildnotifications.SlackNotifier.xml`, and `tools.devnull.jenkins.plugins.buildnotifications.TelegramNotifier.xml` to prevent unauthorized viewing of the tokens. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Cisco Spark Plugin versions 1.1.1 and earlier **Description** The issue is related to the storage of bearer tokens in an unencrypted form in the global configuration file `org.jenkinsci.plugins.spark.SparkNotifier.xml` on the Jenkins controller. This could allow a remote attacker to gain unauthorized access to sensitive information. Users with access to the Jenkins controller file system can view these bearer tokens. **Recommendations** For Jenkins Cisco Spark Plugin versions 1.1.1 and earlier, consider removing or encrypting the bearer tokens stored in the `org.jenkinsci.plugins.spark.SparkNotifier.xml` file to prevent unauthorized access. As a temporary workaround, restrict access to the Jenkins controller file system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Build Notifications Plugin versions 1.5.0 and earlier **Description** The issue is related to the transmission of tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. **Recommendations** For Jenkins Build Notifications Plugin versions 1.5.0 and earlier, update to a version that does not transmit tokens in plain text. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Squash TM Publisher (Squash4Jenkins) Plugin versions 1.0.0 and earlier **Description** The issue allows passwords to be stored unencrypted in the global configuration file on the Jenkins controller, making them accessible to users with access to the Jenkins controller file system. The configuration file `org.jenkinsci.squashtm.core.SquashTMPublisher.xml` contains these unencrypted passwords as part of its configuration. **Recommendations** For Jenkins Squash TM Publisher (Squash4Jenkins) Plugin versions 1.0.0 and earlier, consider restricting access to the Jenkins controller file system to minimize the risk of password exposure until a patch is available. As a temporary workaround, limit user access to the global configuration file to prevent unauthorized viewing of unencrypted passwords.

**Name of the Vulnerable Software and Affected Versions** Jenkins Convertigo Mobile Platform Plugin versions 1.1 and earlier **Description** The issue allows passwords to be stored unencrypted in job `config.xml` files on the Jenkins controller. This can be viewed by users with Extended Read permission or those who have access to the Jenkins controller file system. **Recommendations** For Jenkins Convertigo Mobile Platform Plugin versions 1.1 and earlier, update to a version that properly encrypts passwords in job config.xml files to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins EasyQA Plugin versions 1.0 and earlier **Description** The issue concerns the storage of user passwords in an unencrypted manner within the global configuration file on the Jenkins controller. Specifically, the passwords are stored in the `EasyQAPluginProperties.xml` file as part of the plugin's configuration. This allows users with access to the Jenkins controller file system to view these passwords. **Recommendations** For Jenkins EasyQA Plugin versions 1.0 and earlier, consider restricting access to the Jenkins controller file system to minimize the risk of password exposure. As a temporary workaround, limit the privileges of users who have access to the file system until a secure method of storing passwords is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins SSH Plugin versions 2.6.1 and earlier **Description** A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. **Recommendations** For Jenkins SSH Plugin versions 2.6.1 and earlier, update to a version later than 2.6.1 to resolve the issue. As a temporary workaround, consider restricting access to the Jenkins SSH Plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins SSH Plugin versions 2.6.1 and earlier **Description** A missing permission check in the Jenkins SSH Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. **Recommendations** For Jenkins SSH Plugin versions 2.6.1 and earlier, consider disabling the plugin until a patch is available to prevent attackers from exploiting the missing permission check and capturing credentials. Restrict access to the Overall/Read permission to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins Proxmox Plugin versions 0.5.0 and earlier **Description** The issue concerns the storage of the Proxmox Datacenter password in an unencrypted manner within the global config.xml file on the Jenkins controller. This allows users with access to the Jenkins controller file system to view the password. **Recommendations** For Jenkins Proxmox Plugin versions 0.5.0 and earlier, consider restricting access to the global config.xml file on the Jenkins controller to minimize the risk of password exposure until a fix is available. As a temporary workaround, limit user access to the Jenkins controller file system to prevent unauthorized viewing of the Proxmox Datacenter password.