En

Jenkins官网安全更新(2020-09-16)

来源:Jenkins官网 发布日期:2020-09-16 阅读次数:381 评论:0

基本信息

发布日期:2020-09-16(官方当地时间)

更新类型:安全更新

更新版本:未知

感知时间:2020-09-16 21:12:04

风险等级:未知

情报贡献:TSRC

更新标题

Jenkins Security Advisory 2020-09-16

更新详情

Missing hostname validation in Mailer PluginSECURITY-1813
/
CVE-2020-2252Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
This lack of validation could be abused using a man-in-the-middle attack to intercept these connections.Mailer Plugin 1.32.1 validates the SMTP hostname when connecting via TLS by default.
In Mailer Plugin 1.32 and earlier, administrators can set the Java system property mail.smtp.ssl.checkserveridentity to true on startup to enable this protection.In case of problems, this protection can be disabled again by setting the Java system property mail.smtp.ssl.checkserveridentity to false on startup.Missing hostname validation in Email Extension PluginSECURITY-1851
/
CVE-2020-2253Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.
This lack of validation could be abused using a man-in-the-middle attack to intercept these connections.Email Extension Plugin 2.76 validates the SMTP hostname when connecting via TLS by default.
In Email Extension Plugin 2.75 and earlier, administrators can set the Java system property mail.smtp.ssl.checkserveridentity to true on startup to enable this protection.
Alternatively, this protection can be enabled (or disabled in the new version) via the 'Advanced Email Properties' field in the plugin’s configuration in Configure System.In case of problems, this protection can be disabled again by setting mail.smtp.ssl.checkserveridentity to false using either method.Path traversal vulnerability in Blue Ocean PluginSECURITY-1956
/
CVE-2020-2254Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag, blueocean.features.GIT_READ_SAVE_TYPE, that when set to the value clone allows an attacker with Item/Configure or Item/Create permission to read arbitrary files on the Jenkins controller file system.Blue Ocean Plugin 1.23.3 no longer includes this feature and redirects existing usage to a safer alternative.SSRF vulnerability in Blue Ocean PluginSECURITY-1961
/
CVE-2020-2255A missing permission check in a REST API in Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to initiate a connection test to an attacker-specified URL.Blue Ocean Plugin 1.23.3 requires Item/Create permissions to create GitHub server and BitBucket server connections.Stored XSS vulnerability in upstream cause in Pipeline Maven Integration PluginSECURITY-1976
/
CVE-2020-2256Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job’s display name shown as part of a build cause.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.Pipeline Maven Integration Plugin 3.9.3 escapes upstream job names in build causes.Stored XSS vulnerability in Validating String Parameter PluginSECURITY-1935
/
CVE-2020-2257Validating String Parameter Plugin 2.4 and earlier does not escape regular expressions in tooltips.
Additionally, Validating String Parameter Plugin 2.4 does not escape parameter names and parameter descriptions.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.Validating String Parameter Plugin 2.5 escapes regular expressions in tooltips and parameter names.
Parameter descriptions are rendered using the configured markup formatter.Incorrect permission check in Health Advisor by CloudBees PluginSECURITY-1998
/
CVE-2020-2258Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint.This allows attackers with Overall/Read permission to view an administrative configuration page.Health Advisor by CloudBees Plugin 3.2.1 requires Overall/Administer to view its administrative configuration page.Stored XSS vulnerability in computer-queue-plugin PluginSECURITY-1912
/
CVE-2020-2259computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.computer-queue-plugin Plugin 1.6 escapes the agent name in tooltips.Missing permission check in Perfecto PluginSECURITY-1979
/
CVE-2020-2260Perfecto Plugin 1.17 and earlier does not perform a permission check in a method implementing a connection test.This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified username and password.Perfecto Plugin 1.18 requires Overall/Administer permission to perform a connection test.OS command execution vulnerability in Perfecto PluginSECURITY-1980
/
CVE-2020-2261Perfecto Plugin allows specifying Perfecto Connect Path and Perfecto Connect File Name in job configurations.This command is executed on the Jenkins controller in Perfecto Plugin 1.17 and earlier, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller.Perfecto Plugin 1.18 executes the specified commands on the agent the build is running on.Stored XSS vulnerability in Android Lint PluginSECURITY-1908
/
CVE-2020-2262Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the 'Publish Android Lint results' post-build step.As of publication of this advisory, there is no fix.Stored XSS vulnerability in Radiator View PluginSECURITY-1927
/
CVE-2020-2263Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.As of publication of this advisory, there is no fix.Stored XSS vulnerability in Custom Job Icon PluginSECURITY-1914
/
CVE-2020-2264Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.As of publication of this advisory, there is no fix.Stored XSS vulnerability in Coverage/Complexity Scatter Plot PluginSECURITY-1913
/
CVE-2020-2265Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the 'Publish Coverage / Complexity Scatter Plot' post-build step.As of publication of this advisory, there is no fix.Stored XSS vulnerability in Description Column PluginSECURITY-1916
/
CVE-2020-2266Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltips.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.As of publication of this advisory, there is no fix.CSRF vulnerability and missing permission checks in MongoDB PluginSECURITY-1904
/
CVE-2020-2267 (missing permission check), CVE-2020-2268 (CSRF)MongoDB Plugin 1.3 and earlier does not perform permission checks in methods implementing form validation.This allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.Additionally, these form validation methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.As of publication of this advisory, there is no fix.Stored XSS vulnerability in chosen-views-tabbar PluginSECURITY-1869
/
CVE-2020-2269chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views.As of publication of this advisory, there is no fix.Stored XSS vulnerability in ClearCase Release PluginSECURITY-1911
/
CVE-2020-2270ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.As of publication of this advisory, there is no fix.Stored XSS vulnerability in Locked Files Report PluginSECURITY-1921
/
CVE-2020-2271Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.As of publication of this advisory, there is no fix.CSRF vulnerability and missing permission checks in ElasTest PluginSECURITY-1903
/
CVE-2020-2272 (missing permission check), CVE-2020-2273 (CSRF)ElasTest Plugin 1.2.1 and earlier does not perform a permission check in a method implementing form validation.This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.As of publication of this advisory, there is no fix.Passwords stored in plain text by ElasTest PluginSECURITY-2014
/
CVE-2020-2274ElasTest Plugin 1.2.1 and earlier stores its server password in plain text in the global configuration file jenkins.plugins.elastest.ElasTestInstallation.xml.
This password can be viewed by users with access to the Jenkins controller file system.As of publication of this advisory, there is no fix.Arbitrary file read vulnerability in Copy data to workspace PluginSECURITY-1966
/
CVE-2020-2275Copy data to workspace Plugin allows users to copy files from the Jenkins controller to job workspaces.Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied.
This allows attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.As of publication of this advisory, there is no fix.System command execution vulnerability in Selection tasks PluginSECURITY-1967
/
CVE-2020-2276Selection tasks Plugin implements a job parameter that dynamically generates possible values from the output of a program.
The path to that program is specified as part of the parameter configuration.Selection tasks Plugin 1.0 and earlier executes this user-specified program on the Jenkins controller.
This allows attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.As of publication of this advisory, there is no fix.Arbitrary file read vulnerability in Storable Configs PluginSECURITY-1968 (1)
/
CVE-2020-2277Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.As of publication of this advisory, there is no fix.Arbitrary file write vulnerability in Storable Configs PluginSECURITY-1968 (2)
/
CVE-2020-2278Storable Configs Plugin allows storing copies of a job’s config.xml file on the Jenkins controller with a user-specified file name.Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, except that a .xml suffix is added if it’s not already present.
This allows attackers with Job/Configure permission to replace any other .xml file on the Jenkins controller with the job’s config.xml file’s content.As of publication of this advisory, there is no fix.SeveritySECURITY-1813:MediumSECURITY-1851:MediumSECURITY-1869:HighSECURITY-1903:MediumSECURITY-1904:MediumSECURITY-1908:HighSECURITY-1911:HighSECURITY-1912:HighSECURITY-1913:HighSECURITY-1914:HighSECURITY-1916:HighSECURITY-1921:HighSECURITY-1927:HighSECURITY-1935:HighSECURITY-1956:MediumSECURITY-1961:MediumSECURITY-1966:MediumSECURITY-1967:HighSECURITY-1968 (1):MediumSECURITY-1968 (2):MediumSECURITY-1976:HighSECURITY-1979:MediumSECURITY-1980:HighSECURITY-1998:MediumSECURITY-2014:LowAffected VersionsAndroid Lint
Pluginup to and including
2.6Blue Ocean
Pluginup to and including
1.23.2chosen-views-tabbar
Pluginup to and including
1.2ClearCase Release
Pluginup to and including
0.3computer-queue-plugin
Pluginup to and including
1.5Copy data to workspace
Pluginup to and including
1.0Coverage/Complexity Scatter Plot
Pluginup to and including
1.1.1Custom Job Icon
Pluginup to and including
0.2Description Column
Pluginup to and including
1.3ElasTest
Pluginup to and including
1.2.1Email Extension
Pluginup to and including
2.75Health Advisor by CloudBees
Pluginup to and including
3.2.0Locked Files Report
Pluginup to and including
1.6Mailer
Pluginup to and including
1.32MongoDB
Pluginup to and including
1.3Perfecto
Pluginup to and including
1.17Pipeline Maven Integration
Pluginup to and including
3.9.2Radiator View
Pluginup to and including
1.29Selection tasks
Pluginup to and including
1.0Storable Configs
Pluginup to and including
1.0Validating String Parameter
Pluginup to and including
2.4FixBlue Ocean
Pluginshould be updated to version
1.23.3computer-queue-plugin
Pluginshould be updated to version
1.6Email Extension
Pluginshould be updated to version
2.76Health Advisor by CloudBees
Pluginshould be updated to version
3.2.1Mailer
Pluginshould be updated to version
1.32.1Perfecto
Pluginshould be updated to version
1.18Pipeline Maven Integration
Pluginshould be updated to version
3.9.3Validating String Parameter
Pluginshould be updated to version
2.5These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated.As of publication of this advisory, no fixes are available for the following plugins:Android Lint
Pluginchosen-views-tabbar
PluginClearCase Release
PluginCopy data to workspace
PluginCoverage/Complexity Scatter Plot
PluginCustom Job Icon
PluginDescription Column
PluginElasTest
PluginLocked Files Report
PluginMongoDB
PluginRadiator View
PluginSelection tasks
PluginStorable Configs
Plugin

软件描述

Jenkins是一个开源软件项目,是基于Java开发的一种持续集成工具,用于监控持续重复的工作,旨在提供一个开放易用的软件平台,使软件的持续集成变成可能。 [1]

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入