Peter Adkins

**Name of the Vulnerable Software and Affected Versions** D-Link DSP-W110A1 version 1.05B01 **Description** An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise. **Recommendations** Update the firmware to a newer, fixed version. As a temporary workaround, consider restricting access to the cookie handling process until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Alpine Linux Docker images versions 3.3 and later **Description** The vulnerability is related to a NULL password for the `root` user in the Official Alpine Linux Docker images. This issue may allow a remote attacker to achieve root access with a blank password, potentially affecting the confidentiality, integrity, and availability of protected information. Systems deployed using affected versions of the Alpine Linux container that utilize Linux PAM or other mechanisms which use the system shadow file as an authentication database may accept a NULL password for the `root` user. **Recommendations** For Alpine Linux Docker images version 3.3 and later, consider disabling the `root` user account or setting a strong password to prevent unauthorized access. As a temporary workaround, restrict access to the affected container to minimize the risk of exploitation. Update to a version of Alpine Linux Docker images that does not contain this vulnerability, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Ansible Tower Plugin version 0.9.1 and earlier **Description** A cross-site request forgery issue allowed attackers to connect to a specified URL using specified credentials IDs, potentially capturing stored credentials in Jenkins. The vulnerability arose from a lack of permission checks on a form validation method, enabling users with Overall/Read access to exploit it. The method also did not require POST requests, further contributing to the vulnerability. **Recommendations** For Jenkins Ansible Tower Plugin version 0.9.1 and earlier, update the plugin to a version that requires POST requests and Overall/Administer permissions for the form validation method, such as the version that includes the fix for this issue. As a temporary workaround, consider restricting access to the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method to users with Overall/Administer permissions until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Jenkins Swarm Plugin (affected versions not specified) **Description** The issue concerns the Jenkins Swarm Plugin, which allows clients to auto-discover Jenkins instances on the same network through a UDP discovery request. The responses to this request are XML documents. However, the Swarm Plugin does not prevent XML External Entity (XXE) processing when processing these responses. This allows unauthorized attackers on the same network to read arbitrary files from Swarm clients or conduct denial-of-service attacks by having Swarm clients parse a maliciously crafted XML response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Ansible Tower Plugin versions 0.9.1 and earlier **Description** A missing permission check in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. This issue also resulted in a cross-site request forgery vulnerability due to the form validation method not requiring POST requests. **Recommendations** For Jenkins Ansible Tower Plugin versions 0.9.1 and earlier, update the plugin to a version that requires POST requests and Overall/Administer permissions for the form validation method.

**Name of the Vulnerable Software and Affected Versions** Jenkins Ansible Tower Plugin versions 0.9.1 and earlier **Description** A missing permission check in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. **Recommendations** For Jenkins Ansible Tower Plugin versions 0.9.1 and earlier, consider restricting access to the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method until a patch is available. As a temporary workaround, review and limit Overall/Read permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins GitLab Plugin versions 1.5.11 and earlier **Description** A cross-site request forgery issue exists due to insufficient permission checks and form validation in the GitLabConnectionConfig#doTestConnection method. This allows attackers to connect to a specified URL using specified credentials IDs, potentially capturing stored credentials in Jenkins. The issue is exacerbated by the lack of requirement for POST requests, making it vulnerable to cross-site request forgery attacks. **Recommendations** For Jenkins GitLab Plugin versions 1.5.11 and earlier, update the plugin to a version that requires POST requests and Overall/Administer permissions for the form validation method to mitigate the issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins GitLab Plugin versions 1.5.11 and earlier **Description** A missing permission check in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. This issue also resulted in a cross-site request forgery vulnerability due to the form validation method not requiring POST requests. **Recommendations** For Jenkins GitLab Plugin versions 1.5.11 and earlier, update the plugin to a version that requires POST requests and Overall/Administer permissions for the form validation method. As a temporary workaround, consider restricting access to the GitLabConnectionConfig#doTestConnection method to users with Overall/Administer permissions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Jenkins vSphere Plugin versions 2.16 and older **Description** A man in the middle issue exists due to the disabling of SSL/TLS certificate validation by default in the VSphere.java file. This affects the security of the connection. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For Jenkins vSphere Plugin versions 2.16 and older, update to version 2.17 or newer, which has SSL/TLS certificate validation enabled by default.