Wadeck Follonier

**Name of the Vulnerable Software and Affected Versions** Jenkins Build Monitor View Plugin versions 1.14-860.vd06ef2568b 3f and earlier **Description** The issue results from the failure to escape Build Monitor View names, leading to a stored cross-site scripting (XSS) vulnerability. This vulnerability can be exploited by attackers who have the ability to configure Build Monitor Views. **Recommendations** For Jenkins Build Monitor View Plugin versions 1.14-860.vd06ef2568b 3f and earlier, consider disabling the configuration of Build Monitor Views until a patch is available to prevent exploitation of the stored XSS vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Subversion Partial Release Manager Plugin versions 1.0.1 and earlier **Description** A cross-site request forgery (CSRF) issue allows attackers to trigger a build. **Recommendations** For Jenkins Subversion Partial Release Manager Plugin versions 1.0.1 and earlier, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Subversion Partial Release Manager Plugin versions 1.0.1 and earlier **Description** A missing permission check in the plugin allows attackers with Item/Read permission to trigger a build. **Recommendations** For Jenkins Subversion Partial Release Manager Plugin versions 1.0.1 and earlier, consider restricting the Item/Read permission to prevent unauthorized build triggers until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Dimensions Plugin versions 0.9.3 and earlier **Description** A potential issue has been identified in the Micro Focus Dimensions CM Plugin for Jenkins, related to information disclosure. This issue allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. The exploitation of this issue may permit a remote attacker to gain unauthorized access to protected information. **Recommendations** For Dimensions Plugin versions 0.9.3 and earlier, update to version 0.9.3.1 to define the appropriate context for credentials lookup, preventing the use of System-scoped credentials otherwise reserved for the global configuration.

**Name of the Vulnerable Software and Affected Versions** Jenkins Digital.ai App Management Publisher Plugin versions 2.6 and earlier **Description** A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. The issue also involves several HTTP endpoints that do not perform permission checks, allowing attackers to use attacker-specified credentials IDs to capture credentials. Additionally, these endpoints are vulnerable to cross-site request forgery (CSRF) as they do not require POST requests. **Recommendations** For Jenkins Digital.ai App Management Publisher Plugin versions 2.6 and earlier, consider disabling the plugin until a patch is available to prevent attackers from exploiting the missing permission check and capturing credentials. Restrict access to the affected HTTP endpoints to minimize the risk of exploitation. Avoid using the plugin with Overall/Read permission until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Azure Credentials Plugin versions 253.v887e0f9e898b and earlier **Description** A missing permission check in the Jenkins Azure Credentials Plugin allows attackers with Overall/Read permission to connect to an attacker-specified web server. **Recommendations** For Jenkins Azure Credentials Plugin versions 253.v887e0f9e898b and earlier, consider restricting the Overall/Read permission to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Azure Credentials Plugin versions 253.v887e0f9e898b and earlier **Description** A missing permission check in the Jenkins Azure Credentials Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. **Recommendations** For Jenkins Azure Credentials Plugin versions 253.v887e0f9e898b and earlier, consider restricting access to the plugin until a patch is available, and ensure that only necessary personnel have Overall/Read permission to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Azure Credentials Plugin versions 253.v887e0f9e898b and earlier **Description** The issue is related to a cross-site request forgery (CSRF) vulnerability. This vulnerability can be exploited by a remote attacker to perform a CSRF attack, allowing them to connect to an attacker-specified web server. **Recommendations** For Jenkins Azure Credentials Plugin versions 253.v887e0f9e898b and earlier, consider disabling the plugin until a patch is available to prevent potential CSRF attacks. Restrict access to the plugin's functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Gerrit Trigger Plugin versions 2.38.0 and earlier **Description** A cross-site request forgery (CSRF) issue allows attackers to rebuild previous builds triggered by Gerrit. This can be exploited to manipulate build processes. **Recommendations** For Jenkins Gerrit Trigger Plugin versions 2.38.0 and earlier, consider disabling the rebuild feature for previous builds triggered by Gerrit until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Bitbucket OAuth Plugin versions 0.12 and earlier **Description** A cross-site request forgery (CSRF) issue allows attackers to trick users into logging in to the attacker's account. This can be achieved by exploiting the vulnerability in the Jenkins Bitbucket OAuth Plugin, which enables attackers to perform unauthorized actions on behalf of the user. **Recommendations** For Jenkins Bitbucket OAuth Plugin versions 0.12 and earlier, consider disabling the OAuth functionality until a patch is available to prevent exploitation of the CSRF vulnerability. Restrict access to sensitive operations that rely on the OAuth plugin to minimize the risk of unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Jenkins Google Login Plugin versions 1.4 through 1.6 **Description** The issue arises from the improper determination of a redirect URL after login, which is supposed to point to Jenkins. This could potentially lead to unauthorized access. The Google Login Plugin version 1.7 has addressed this by only redirecting to relative Jenkins URLs. **Recommendations** For Jenkins Google Login Plugin versions 1.4 through 1.6, update to version 1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the login functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins JUnit Plugin versions 1159.v0b 396e1e07dd and earlier **Description** The issue is related to the conversion of HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability. This vulnerability is exploitable by attackers with Item/Configure permission. **Recommendations** For Jenkins JUnit Plugin versions 1159.v0b 396e1e07dd and earlier, update to a version that no longer converts URLs to clickable links, such as version 1160.vf1f01a a ea b 7f or later.

**Name of the Vulnerable Software and Affected Versions** Jenkins Pipeline: Stage View Plugin versions 2.26 and earlier **Description** The issue arises from the incorrect encoding of the ID of `input` steps when generating URLs to proceed or abort Pipeline builds, allowing attackers who can configure Pipelines to specify `input` step IDs. This results in URLs that can bypass the CSRF protection of any target URL in Jenkins. **Recommendations** For Jenkins Pipeline: Stage View Plugin versions 2.26 and earlier, update to version 2.27 or later to correctly encode the ID of `input` steps and prevent bypassing CSRF protection. As a temporary workaround, consider restricting access to the `input` step functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Jenkins Pipeline: Supporting APIs Plugin versions 838.va 3a 087b 4055b and earlier **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the Jenkins Pipeline: Supporting APIs Plugin does not properly sanitize or encode URLs of hyperlinks that send POST requests in build logs. This vulnerability is exploitable by attackers who have the ability to create Pipelines. The plugin provides features to add hyperlinks to build logs, which are used by other plugins to allow users to interact with builds. However, the failure to properly encode these URLs results in the vulnerability. **Recommendations** For versions 838.va 3a 087b 4055b and earlier, update to version 839.v35e2736cfd5c or later, which properly encodes URLs of hyperlinks in build logs. As a temporary workaround, consider restricting the ability to create Pipelines to trusted users until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Jenkins Build-Publisher Plugin versions 1.22 and earlier **Description** The issue allows attackers with Item/Configure permission to create or replace any `config.xml` file on the Jenkins controller file system by providing a crafted file name to an API endpoint. This endpoint is also vulnerable to cross-site request forgery (CSRF) attacks, which can result in any `config.xml` file being replaced with an empty file. **Recommendations** For Jenkins Build-Publisher Plugin versions 1.22 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Walti Plugin versions 1.0.1 and earlier **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape the information provided by the Walti API, making it exploitable by attackers who can provide malicious API responses from Walti. **Recommendations** For Jenkins Walti Plugin versions 1.0.1 and earlier, consider disabling the plugin until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the Walti API to minimize the risk of malicious responses.

**Name of the Vulnerable Software and Affected Versions** Jenkins Build-Publisher Plugin versions 1.22 and earlier **Description** A cross-site request forgery (CSRF) vulnerability allows attackers to replace any `config.xml` file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint. **Recommendations** For Jenkins Build-Publisher Plugin versions 1.22 and earlier, as a temporary workaround, consider restricting access to the API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Job Configuration History Plugin versions 1155.v28a 46a cc06a 5 and earlier **Description** The issue is related to a cross-site request forgery (CSRF) vulnerability. This vulnerability can be exploited by a remote attacker to perform a CSRF attack, allowing them to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. **Recommendations** For Jenkins Job Configuration History Plugin versions 1155.v28a 46a cc06a 5 and earlier, update to version 1156.v536a 97b 8d649 or later, which requires POST requests for the affected HTTP endpoints, mitigating the CSRF vulnerability. At the moment, there is no other information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Matrix Reloaded Plugin versions 1.1.3 and earlier **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the agent name in tooltips is not properly escaped, allowing attackers with Agent/Configure permission to exploit this weakness. **Recommendations** For Jenkins Matrix Reloaded Plugin versions 1.1.3 and earlier, consider updating to a version that fixes this issue. As a temporary workaround, restrict access to the Agent/Configure permission to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins eXtreme Feedback Panel Plugin versions 2.0.1 and earlier **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the job names used in tooltips are not properly escaped, allowing attackers with Item/Configure permission to exploit this weakness. **Recommendations** For Jenkins eXtreme Feedback Panel Plugin versions 2.0.1 and earlier, update to a version that properly escapes job names in tooltips to prevent stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.