
CVSS: 8.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists. A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, the fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.
• http://www.openwall.com/lists/oss-security/2024/03/06/3
• https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301
• https://access.redhat.com/security/cve/CVE-2024-28149
• https://bugzilla.redhat.com/show_bug.cgi?id=2268227
• CWE-20: Improper Input Validation

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.
• http://www.openwall.com/lists/oss-security/2024/03/06/3
• https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3200
• CWE-862: Missing Authorization

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.
• http://www.openwall.com/lists/oss-security/2024/03/06/3
• https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3200
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller. A flaw was found in Jenkins where WebSocket access to the CLI does not perform origin validation of requests when they are made through the WebSocket endpoint.
• http://www.openwall.com/lists/oss-security/2024/01/24/6
• https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315
• https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins
• https://access.redhat.com/security/cve/CVE-2024-23898
• https://bugzilla.redhat.com/show_bug.cgi?id=2260182
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-346: Origin Validation Error

CVSS: 9.8 | EPSS: 97% | CPEs: 2 | EXPL: 36

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the "@" character followed by a file path in an argument with the file's contents (expandAtFiles). This feature is enabled by default; Jenkins 2.441 and earlier as well as LTS 2.426.2 and earlier do not disable it.
• https://github.com/yoryio/CVE-2024-23897
• https://www.exploit-db.com/exploits/51993
• https://github.com/Abo5/CVE-2024-23897
• https://github.com/Surko888/Surko-Exploit-Jenkins-CVE-2024-23897
• https://github.com/h4x0r-dz/CVE-2024-23897
• https://github.com/xaitax/CVE-2024-23897
• https://github.com/binganao/CVE-2024-23897
• https://github.com/wjlin0/CVE-2024-23897
• https://github.com/kaanatmacaa/CVE-2024-23897
• https://github.com/Vozec/CVE-2024-23897
• https://github.com/g
• CWE-27: Path Traversal: 'dir/../../filename'
• CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')