Viktor Gazdag

**Name of the Vulnerable Software and Affected Versions** Oracle Communications Diameter Signaling Router (DSR) versions 8.0.0.0 through 8.4.0.5 **Description** The issue is related to insufficient input validation in the User Interface component of the Oracle Communications Diameter Signaling Router (DSR) product. This allows a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The exploitation can result in unauthorized update, insert, or delete access to some of the DSR's accessible data, as well as unauthorized read access to a subset of the DSR's accessible data. **Recommendations** For versions 8.0.0.0 through 8.4.0.5, consider restricting access to the User Interface component until a patch is available. As a temporary workaround, limit the use of HTTP connections to the DSR to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Communications Diameter Signaling Router (DSR) versions 8.0.0.0 through 8.4.0.5 **Description** The issue is related to insufficient input validation in the User Interface component of the Oracle Communications Diameter Signaling Router (DSR) product. This allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The exploitation can result in unauthorized update, insert, or delete access to some of the DSR's accessible data, as well as unauthorized read access to a subset of the DSR's accessible data. **Recommendations** For versions 8.0.0.0 through 8.4.0.5, consider restricting access to the User Interface component until a patch is available. As a temporary workaround, limit the use of HTTP access to the DSR to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Alauda DevOps Pipeline Plugin versions 2.3.2 and earlier **Description** A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing credentials stored in Jenkins. **Recommendations** For Jenkins Alauda DevOps Pipeline Plugin versions 2.3.2 and earlier, update to a version that includes the fix for the missing permission check to prevent attackers from exploiting this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Mantis Plugin versions 0.26 and earlier **Description** A cross-site request forgery issue allows attackers to connect to an attacker-specified web server using attacker-specified credentials. **Recommendations** For Jenkins Mantis Plugin versions 0.26 and earlier, update to a version later than 0.26 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins Weibo Plugin versions 1.0.1 and earlier **Description** The issue allows credentials to be stored unencrypted in the global configuration file on the Jenkins master. This can be viewed by users with access to the master file system. **Recommendations** For Jenkins Weibo Plugin versions 1.0.1 and earlier, consider restricting access to the master file system to minimize the risk of credential exposure until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Alauda DevOps Pipeline Plugin versions 2.3.2 and earlier **Description** A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing credentials stored in Jenkins. **Recommendations** For Jenkins Alauda DevOps Pipeline Plugin versions 2.3.2 and earlier, update to a version later than 2.3.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins Redgate SQL Change Automation Plugin versions 2.0.3 and earlier **Description** The issue allows credentials to be stored unencrypted in job config.xml files on the Jenkins master. Users with Extended Read permission or access to the master file system can view these credentials. **Recommendations** For Jenkins Redgate SQL Change Automation Plugin versions 2.0.3 and earlier, consider restricting access to the master file system and limiting Extended Read permissions to minimize the risk of credential exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Team Concert Plugin versions 1.3.0 and earlier **Description** A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. The form validation method does not require POST requests, resulting in a CSRF vulnerability. **Recommendations** For Jenkins Team Concert Plugin versions 1.3.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Team Concert Plugin versions 1.3.0 and earlier **Description** A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing credentials stored in Jenkins. This is due to a lack of permission checks on a method implementing form validation, which can be exploited by users with Overall/Read access to Jenkins. The form validation method is also vulnerable as it does not require POST requests. **Recommendations** For Jenkins Team Concert Plugin versions 1.3.0 and earlier, as a temporary workaround, consider restricting access to the form validation method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Team Concert Plugin versions 1.3.0 and earlier **Description** A missing permission check in form-related methods allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. **Recommendations** For Jenkins Team Concert Plugin versions 1.3.0 and earlier, consider restricting access to the plugin's form-related methods until a patch is available. As a temporary workaround, review and restrict Overall/Read access to minimize the risk of credentials enumeration.

**Name of the Vulnerable Software and Affected Versions** Jenkins RapidDeploy Plugin version 4.1 and earlier **Description** A cross-site request forgery issue allows attackers to connect to an attacker-specified web server. **Recommendations** For Jenkins RapidDeploy Plugin version 4.1 and earlier, update to a version later than 4.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins RapidDeploy Plugin versions 4.1 and earlier **Description** A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified web server. **Recommendations** For Jenkins RapidDeploy Plugin versions 4.1 and earlier, update to a version that includes the necessary permission checks to prevent unauthorized connections.

**Name of the Vulnerable Software and Affected Versions** Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier **Description** A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing the Kubernetes service account token or credentials stored in Jenkins. **Recommendations** For Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier **Description** A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing the Kubernetes service account token or credentials stored in Jenkins. **Recommendations** For Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier, update to a version that includes the fix for the missing permission check to prevent attackers from exploiting this issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins Mission Control Plugin versions 0.9.16 and earlier **Description** The issue concerns a stored XSS vulnerability. It occurs because the plugin does not properly escape job display names and build names shown on its view. This can be exploited by attackers who have the ability to change these properties. **Recommendations** For Jenkins Mission Control Plugin versions 0.9.16 and earlier, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins buildgraph-view Plugin versions 1.8 and earlier **Description** The issue results in a stored cross-site scripting vulnerability. It occurs because the plugin does not escape the description of builds shown in its view. This makes it exploitable by users who have the ability to change build descriptions. **Recommendations** For Jenkins buildgraph-view Plugin versions 1.8 and earlier, update to a version later than 1.8 to resolve the issue. As a temporary workaround, consider restricting the ability to change build descriptions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins Build Failure Analyzer Plugin versions 1.24.1 and earlier **Description** A cross-site request forgery issue allows attackers to have Jenkins evaluate a computationally expensive regular expression, potentially leading to exploitation. **Recommendations** For Jenkins Build Failure Analyzer Plugin versions 1.24.1 and earlier, update to a version later than 1.24.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins Rundeck Plugin versions 3.6.5 and earlier **Description** The issue allows credentials to be stored unencrypted in the global configuration file and in job config.xml files on the Jenkins master. This can be accessed by users with Extended Read permission or those who have access to the master file system. **Recommendations** For Jenkins Rundeck Plugin versions 3.6.5 and earlier, consider restricting access to the global configuration file and job config.xml files to minimize the risk of credential exposure. As a temporary workaround, limit user permissions to prevent those with Extended Read permission from viewing sensitive information.

**Name of the Vulnerable Software and Affected Versions** Jenkins Pipeline Aggregator View Plugin versions 1.8 and earlier **Description** The issue results in a stored XSS vulnerability, which can be exploited by attackers who can affect view content, such as job display names or pipeline stage names. **Recommendations** For Jenkins Pipeline Aggregator View Plugin versions 1.8 and earlier, update to a version later than 1.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins Dynatrace Application Monitoring Plugin versions 2.1.3 and earlier Jenkins Dynatrace Application Monitoring Plugin versions prior to 2.1.4 **Description** The issue concerns the storage of credentials in the global configuration file on the Jenkins master. Specifically, credentials are stored unencrypted, allowing users with access to the master file system to view them. This affects users with access to the Jenkins master. **Recommendations** For versions 2.1.3 and earlier, update to version 2.1.4 or later to resolve the issue. For versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue.