Jenkins official site security update (2020-07-02)

Source: Jenkins official site    Published: 2020-07-02    Views: 2723    Comments: 0

Basic information

Release date: 2020-07-02 (vendor local time)

Update type: Security update

Update version: Unknown

Detected at: 2020-07-02 22:01:04

Risk level: Unknown

Intelligence contributed by: TSRC

Update title

Jenkins Security Advisory 2020-07-02

Update details

Stored XSS vulnerability in Sonargraph Integration Plugin
SECURITY-1775 / CVE-2020-2201

Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation.

This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Job/Configure permission.

Sonargraph Integration Plugin 3.0.1 escapes the affected part of the error message.

Users with Overall/Read access could enumerate credentials IDs in Fortify on Demand Plugin
SECURITY-1690 / CVE-2020-2202

Fortify on Demand Plugin provides a list of applicable credentials IDs to allow users configuring the plugin to select the one to use.

This functionality does not correctly check permissions in Fortify on Demand Plugin 6.0.0 and earlier, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of credentials IDs in Fortify on Demand Plugin 6.0.1 now requires the appropriate permissions.

CSRF vulnerability and missing permission checks in Fortify on Demand Plugin
SECURITY-1691 / CVE-2020-2203 (CSRF), CVE-2020-2204 (missing permission check)

Fortify on Demand Plugin 5.0.1 and earlier does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs obtained through another method.

Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

This form validation method requires appropriate permission in Fortify on Demand Plugin 6.0.0.

Stored XSS vulnerability in VncRecorder Plugin
SECURITY-1728 (1) / CVE-2020-2205

VncRecorder Plugin 1.25 and earlier does not escape a tool path in the checkVncServ form validation endpoint accessed e.g. via job configuration forms.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators.

VncRecorder Plugin 1.35 escapes the tool path.

Reflected XSS vulnerability in VncRecorder Plugin
SECURITY-1728 (2) / CVE-2020-2206

VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint output.

This results in a reflected cross-site scripting (XSS) vulnerability.

VncRecorder Plugin 1.35 escapes the parameter value in the output.

Reflected XSS vulnerability in VncViewer Plugin
SECURITY-1776 / CVE-2020-2207

VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint output.

This results in a reflected cross-site scripting (XSS) vulnerability.

VncViewer Plugin 1.8 escapes the parameter value in the output.

Secret stored in plain text by Slack Upload Plugin
SECURITY-1627 / CVE-2020-2208

Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files as part of its configuration. This secret can be viewed by users with Extended Read permission or access to the master file system.

As of publication of this advisory, there is no fix.

Password stored in plain text by TestComplete support Plugin
SECURITY-1686 / CVE-2020-2209

TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files as part of its configuration. This password can be viewed by users with Extended Read permission or access to the master file system.

As of publication of this advisory, there is no fix.

Passwords transmitted in plain text by Stash Branch Parameter Plugin
SECURITY-1656 / CVE-2020-2210

Stash Branch Parameter Plugin stores Stash API passwords in its global configuration file org.jenkinsci.plugins.StashBranchParameter.StashBranchParameterDefinition.xml on the Jenkins master as part of its configuration.

While the password is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by Stash Branch Parameter Plugin 0.3.0 and earlier. This can result in exposure of the password through browser extensions, cross-site scripting vulnerabilities, and similar situations.

This only affects Jenkins before 2.236, including 2.235.x LTS, as Jenkins 2.236 introduces a security hardening that transparently encrypts and decrypts data used for a Jenkins password form field.

As of publication of this advisory, there is no fix.

RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin
SECURITY-1738 / CVE-2020-2211

ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution (RCE) vulnerability exploitable by users able to provide YAML input files to ElasticBox Jenkins Kubernetes CI/CD Plugin's build step.

As of publication of this advisory, there is no fix.

Secret stored in plain text by GitHub Coverage Reporter Plugin
SECURITY-1632 / CVE-2020-2212

GitHub Coverage Reporter Plugin 1.8 and earlier stores a GitHub access token in plain text in its global configuration file io.jenkins.plugins.gcr.PluginConfiguration.xml. This can be viewed by users with access to the Jenkins master file system.

It is also transmitted in plain text as part of the configuration form, where it can be viewed by those who can read the system configuration.

As of publication of this advisory, there is no fix.

Credentials stored in plain text by White Source Plugin
SECURITY-1630 / CVE-2020-2213

White Source Plugin 19.1.1 and earlier stores credentials in plain text as part of its global configuration file org.whitesource.jenkins.pipeline.WhiteSourcePipelineStep.xml and job config.xml files on the Jenkins master. These credentials could be viewed by users with Extended Read permission (in the case of job config.xml files) or access to the master file system.

As of publication of this advisory, there is no fix.

Content-Security-Policy protection for user content disabled by ZAP Pipeline Plugin
SECURITY-1811 / CVE-2020-2214

Jenkins sets the Content-Security-Policy header on static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts.

ZAP Pipeline Plugin 1.9 and earlier globally disables the Content-Security-Policy header for static files served by Jenkins. This allows cross-site scripting (XSS) attacks by users with the ability to control files in workspaces, archived artifacts, etc.

Jenkins instances with Resource Root URL configured are largely unaffected. A possible exception is file parameter downloads. The behavior of those depends on the specific version of Jenkins:

- Jenkins 2.231 and newer, including 2.235.x LTS, is unaffected, as all resource files from user content are generally served safely from a different domain, without restrictions from the Content-Security-Policy header.
- Jenkins between 2.228 (inclusive) and 2.230 (inclusive), as well as all releases of Jenkins 2.222.x LTS and the 2.204.6 LTS release, are affected by this vulnerability, as file parameters are not served via the Resource Root URL.
- Jenkins 2.227 and older, and 2.204.5 and older, don't have XSS protection for file parameter values; see SECURITY-1793.

As of publication of this advisory, there is no fix.

CSRF vulnerability and missing permission checks in Zephyr for JIRA Test Management Plugin
SECURITY-1762 / CVE-2020-2215 (CSRF), CVE-2020-2216 (missing permission check)

Zephyr for JIRA Test Management Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified host using an attacker-specified username and password.

Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

As of publication of this advisory, there is no fix.

Reflected XSS in Compatibility Action Storage Plugin
SECURITY-1771 / CVE-2020-2217

Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from MongoDB in the testConnection form validation endpoint. This allows attackers able to update the configured document in MongoDB to inject the payload.

This results in a reflected cross-site scripting (XSS) vulnerability.

As of publication of this advisory, there is no fix.

Password stored in plain text by HP ALM Quality Center Plugin
SECURITY-1576 / CVE-2020-2218

HP ALM Quality Center Plugin 1.6 and earlier stores a password in plain text in its global configuration file org.jenkinsci.plugins.qc.QualityCenterIntegrationRecorder.xml. This password can be viewed by users with access to the Jenkins master file system.

As of publication of this advisory, there is no fix.

Stored XSS vulnerability in Link Column Plugin
SECURITY-1803 / CVE-2020-2219

Link Column Plugin allows users with View/Configure permission to add a new column to list views that contains a user-configurable link.

Link Column Plugin 1.0 and earlier does not filter the URL for these links, allowing the javascript: scheme. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure list views.

As of publication of this advisory, there is no fix.

Severity

SECURITY-1576: Low
SECURITY-1627: Medium
SECURITY-1630: Medium
SECURITY-1632: Medium
SECURITY-1656: Low
SECURITY-1686: Medium
SECURITY-1690: Medium
SECURITY-1691: Medium
SECURITY-1728 (1): Medium
SECURITY-1728 (2): Medium
SECURITY-1738: High
SECURITY-1762: Medium
SECURITY-1771: Medium
SECURITY-1775: Medium
SECURITY-1776: Medium
SECURITY-1803: Medium
SECURITY-1811: Medium

Affected Versions

Compatibility Action Storage Plugin up to and including 1.0
ElasticBox Jenkins Kubernetes CI/CD Plugin up to and including 1.3
Fortify on Demand Plugin up to and including 6.0.0
Fortify on Demand Plugin up to and including 5.0.1
GitHub Coverage Reporter Plugin up to and including 1.8
HP ALM Quality Center Plugin up to and including 1.6
Link Column Plugin up to and including 1.0
Slack Upload Plugin up to and including 1.7
Sonargraph Integration Plugin up to and including 3.0.0
Stash Branch Parameter Plugin up to and including 0.3.0
TestComplete support Plugin up to and including 2.4.1
VncRecorder Plugin up to and including 1.25
VncViewer Plugin up to and including 1.7
White Source Plugin up to and including 19.1.1
ZAP Pipeline Plugin up to and including 1.9
Zephyr for JIRA Test Management Plugin up to and including 1.5

Fix

Fortify on Demand Plugin should be updated to version 6.0.1
Fortify on Demand Plugin should be updated to version 6.0.0
Sonargraph Integration Plugin should be updated to version 3.0.1
VncRecorder Plugin should be updated to version 1.35
VncViewer Plugin should be updated to version 1.8

These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated.

As of publication of this advisory, no fixes are available for the following plugins:

Compatibility Action Storage Plugin
ElasticBox Jenkins Kubernetes CI/CD Plugin
GitHub Coverage Reporter Plugin
HP ALM Quality Center Plugin
Link Column Plugin
Slack Upload Plugin
Stash Branch Parameter Plugin
TestComplete support Plugin
White Source Plugin
ZAP Pipeline Plugin
Zephyr for JIRA Test Management Plugin
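Several items above (SECURITY-1691, SECURITY-1762, SECURITY-1728, SECURITY-1776, SECURITY-1775) describe the same three defects in a form-validation endpoint: no permission check, no POST requirement, and unescaped output. The following is an added example of such an endpoint written the way the fixed plugins are described as behaving; it is not code from the advisory or from any of the plugins named, and ExampleBuilder and doCheckServer are hypothetical names.

```java
// Added example (hypothetical ExampleBuilder, not from any plugin in the advisory):
// a Jenkins form-validation endpoint with the three controls the fixed plugins
// are described as having: POST only, permission check, escaped error text.
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

public class ExampleBuilder extends Builder {
    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        // @POST makes Stapler reject GET requests, so the endpoint cannot be
        // triggered by a link or image on a third-party page (the CSRF half of
        // SECURITY-1691 / SECURITY-1762).
        @POST
        public FormValidation doCheckServer(@AncestorInPath Item item,
                                            @QueryParameter String value) {
            // Permission check: Job/Configure inside a job, Overall/Administer
            // in global configuration. A caller with only Overall/Read gets an
            // AccessDeniedException before anything below runs.
            if (item == null) {
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            } else {
                item.checkPermission(Item.CONFIGURE);
            }
            // Validate the shape of the value locally rather than opening a
            // connection to a caller-chosen host on the server's behalf.
            if (value == null || !value.matches("[A-Za-z0-9.-]+(:[0-9]{1,5})?")) {
                // FormValidation.error() HTML-escapes its message, so the
                // reflected value is safe; FormValidation.errorWithMarkup()
                // would render it as HTML (the XSS half of the VncRecorder items).
                return FormValidation.error("Not a valid host[:port]: " + value);
            }
            return FormValidation.ok();
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() { return "Example build step"; }
    }
}
```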
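The plain-text storage items (SECURITY-1576, SECURITY-1627, SECURITY-1630, SECURITY-1632, SECURITY-1686) and the plain-text transmission items (SECURITY-1656, SECURITY-1632) share one missing pattern: holding the credential as hudson.util.Secret rather than String. This added example shows that pattern in a global configuration; it is not code from any plugin in the advisory, and ExampleGlobalConfiguration and apiToken are hypothetical names.

```java
// Added example (hypothetical names, not code from any plugin in the advisory):
// a global configuration whose token is stored and transmitted encrypted.
import hudson.Extension;
import hudson.util.Secret;
import jenkins.model.GlobalConfiguration;
import org.kohsuke.stapler.DataBoundSetter;

@Extension
public class ExampleGlobalConfiguration extends GlobalConfiguration {

    // A String field would be written verbatim into this descriptor's XML file
    // under $JENKINS_HOME. Secret serialises as its encrypted form (keyed by the
    // instance's master key), so a reader with file-system access sees
    // ciphertext, not the token.
    private Secret apiToken;

    public ExampleGlobalConfiguration() {
        load();   // reads the XML file; the Secret is only decrypted on use
    }

    public static ExampleGlobalConfiguration get() {
        return GlobalConfiguration.all().get(ExampleGlobalConfiguration.class);
    }

    // Exposed as Secret, not String: an <f:password field="apiToken"/> in the
    // config form receives Secret.toString(), which is the encrypted value, so
    // the token is not sent in plain text with the form (the SECURITY-1656 case).
    public Secret getApiToken() {
        return apiToken;
    }

    // GlobalConfiguration's default configure() binds the submitted form JSON
    // through data-bound setters, so no custom configure() is needed.
    @DataBoundSetter
    public void setApiToken(Secret apiToken) {
        this.apiToken = apiToken;
        save();
    }

    // Decrypt only at the point of use, and never log the result.
    public String apiTokenForRequest() {
        return apiToken == null ? "" : apiToken.getPlainText();
    }
}
```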
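SECURITY-1738, the one High-severity item, comes from a YAML parser that is not configured to refuse arbitrary types. The following added example (not code from ElasticBox Jenkins Kubernetes CI/CD Plugin) parses untrusted YAML with SnakeYAML's SafeConstructor, which rejects any class-name tag; it assumes the SnakeYAML 1.x API, where SafeConstructor has a no-argument constructor (2.x requires a LoaderOptions argument), and SafeYamlInput is a hypothetical class name.

```java
// Added example (hypothetical SafeYamlInput, not from the affected plugin):
// loading user-supplied YAML without allowing it to instantiate arbitrary types.
import java.util.Map;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public final class SafeYamlInput {

    // new Yaml() with the default constructor resolves "!!some.class.Name" tags
    // to that class; SafeConstructor only knows the standard YAML tags
    // (map, seq, str, int, float, bool, null, timestamp, ...).
    private static Yaml safeYaml() {
        return new Yaml(new SafeConstructor());
    }

    /** Parses a build input file; throws YAMLException on any custom tag. */
    @SuppressWarnings("unchecked")
    public static Map<String, Object> parse(String yaml) {
        Object root = safeYaml().load(yaml);
        if (!(root instanceof Map)) {
            throw new YAMLException("expected a mapping at the document root");
        }
        return (Map<String, Object>) root;
    }

    /** True when the document is refused; useful for tests and audit logging. */
    public static boolean isRejected(String yaml) {
        try {
            parse(yaml);
            return false;
        } catch (YAMLException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: plain data is accepted as a Map.
        String plain = "name: demo\nreplicas: 2\n";
        // Constructed sample with a class tag: SafeConstructor throws
        // "could not determine a constructor for the tag" instead of
        // instantiating the named class.
        String tagged = "name: !!java.lang.StringBuilder [\"x\"]\n";
        System.out.println("replicas = " + parse(plain).get("replicas"));
        System.out.println("tagged document rejected: " + isRejected(tagged));
    }
}
```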

Software description

Jenkins is an open-source software project, a continuous integration tool developed in Java that monitors repeated, ongoing work. It aims to provide an open and easy-to-use platform that makes continuous integration of software possible. [1]

TSRC analysis

None available

Industry news

None available
