CVE-2020-2254 – jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files
https://notcve.org/view.php?id=CVE-2020-2254
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. Jenkins Blue Ocean Plugin versiones 1.23.2 y anteriores, proporciona un flag de funcionalidad no documentada que, cuando está habilitado, permite a un atacante con permiso Job/Configure o Job/Create leer archivos arbitrarios en el sistema de archivos del controlador Jenkins • http://www.openwall.com/lists/oss-security/2020/09/16/3 https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1956 https://access.redhat.com/security/cve/CVE-2020-2254 https://bugzilla.redhat.com/show_bug.cgi?id=1880456 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-1003012
https://notcve.org/view.php?id=CVE-2019-1003012
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API. Existe una vulnerabilidad de modificación de datos en Jenkins Blue Ocean Plugins, en versiones 1.10.1 y anteriores, en blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java y blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly, que permite que los atacantes omitan todas las protecciones contra Cross-Site Request Forgery en la API de Blue Ocean. • https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-1003013
https://notcve.org/view.php?id=CVE-2019-1003013
An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user. Existe una vulnerabilidad Cross-Site Scripting (XSS) en Jenkins Blue Ocean Plugins, en versiones 1.10.1 y anteriores, en blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java y blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly, que permite que los atacantes con permiso para editar una descripción de usuario en Jenkins hagan que Blue Ocean renderice HTML arbitrario cuando lo emplean como dicho usuario. • https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1000110
https://notcve.org/view.php?id=CVE-2017-1000110
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when configuring existing GitHub organization folders. This allowed users with read access to the GitHub organization folder to reconfigure it, including changing the GitHub API endpoint for the organization folder to an attacker-controlled server to obtain the GitHub access token, if the organization folder was initially created using Blue Ocean. Blue Ocean permite la creación de carpetas de organización GitHub que se configuran para escanear una organización de GitHub para repositorios y ramas que contengan un archivo Jenkins y crear las pipelines correspondientes en Jenkins. No verifica adecuadamente la autenticación y autorización del usuario actual al configurar las carpetas de organización de GitHub existentes. • https://jenkins.io/security/advisory/2017-08-07 • CWE-287: Improper Authentication •
CVE-2017-1000105
https://notcve.org/view.php?id=CVE-2017-1000105
The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient. El permiso opcional Run/Artifacts se puede habilitar definiendo una propiedad del sistema Java. Blue Ocean no comprueba este permiso antes de dar acceso a los artefactos archivados. El permiso Item/Read es suficiente. • https://jenkins.io/security/advisory/2017-08-07 • CWE-862: Missing Authorization •