Samy Medjahed

**Name of the Vulnerable Software and Affected Versions** Jenkins Script Security Plugin versions prior to 1399.ve6a 66547f6e1 **Description** A missing permission check allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. **Recommendations** Update to a version later than 1399.ve6a 66547f6e1.

**Name of the Vulnerable Software and Affected Versions** Jenkins Credentials Binding Plugin versions prior to 719.v80e905ef14eb **Description** Insufficient sanitization of file names for file and zip file credentials allows attackers who can provide credentials to a job to write files to arbitrary locations on the node filesystem. This can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node. **Recommendations** Update the plugin to a version later than 719.v80e905ef14eb .

**Name of the Vulnerable Software and Affected Versions** Jenkins GitHub Branch Source Plugin versions prior to 1967.vdea d580c1a b a **Description** A missing permission check allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified GitHub App credentials. **Recommendations** Update the plugin to a version later than 1967.vdea d580c1a b a .