CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-27201
https://notcve.org/view.php?id=CVE-2022-27201
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. El Plugin Semantic Versioning de Jenkins versiones 1.13 y anteriores, no restringe la ejecución de un mensaje de controlador/agente a los agentes, y no implementa limitaciones sobre la ruta del archivo que puede ser analizado, permitiendo a atacantes capaces de controlar los procesos de los agentes hacer que Jenkins analice un archivo diseñado que usa entidades externas para la extracción de secretos del controlador Jenkins o una vulnerabilidad de tipo server-side request forgery • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2124 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0538
https://notcve.org/view.php?id=CVE-2022-0538
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. Jenkins versiones 2.333 y anteriores, LTS versiones 2.319.2 y anteriores, define convertidores XStream personalizados que no han sido actualizados para aplicar las protecciones para la vulnerabilidad CVE-2021-43859 y permiten el uso de recursos sin restricciones • http://www.openwall.com/lists/oss-security/2022/02/09/1 https://www.jenkins.io/security/advisory/2022-02-09/#SECURITY-2602 • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20612 – jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF
https://notcve.org/view.php?id=CVE-2022-20612
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins versiones 2.329 y anteriores, LTS versiones 2.319.1 y anteriores, permite a atacantes desencadenar una construcción de un trabajo sin parámetros cuando no se establece un ámbito de seguridad A Cross-site request forgery (CSRF) vulnerability was found in Jenkins. The POST requests are not required for the HTTP endpoint handling manual build requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters. • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2558 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2022-20612 https://bugzilla.redhat.com/show_bug.cgi?id=2044460 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21697 – jenkins: Agent-to-controller access control allows reading/writing most content of build directories
https://notcve.org/view.php?id=CVE-2021-21697
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. Jenkins versiones 2.318 y anteriores, LTS versiones 2.303.2 y anteriores, permiten a cualquier agente leer y escribir el contenido de cualquier directorio de construcción almacenado en Jenkins con muy pocas restricciones An incorrect access restriction vulnerability was found in Jenkins. The directories agents are allowed to access include the directories where there are stored build-related information intended to allow agents to store build-related metadata during build execution. As a consequence, this allows an attacker who controls agent process to read and write the contents of any build directory stored in Jenkins with very few restrictions (build.xml and some Pipeline-related metadata). • http://www.openwall.com/lists/oss-security/2021/11/04/3 https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428 https://access.redhat.com/security/cve/CVE-2021-21697 https://bugzilla.redhat.com/show_bug.cgi?id=2020345 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21696 – jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
https://notcve.org/view.php?id=CVE-2021-21696
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. Jenkins versiones 2.318 y anteriores, LTS versiones 2.303.2 y anteriores, no limitan el acceso de lectura/escritura del agente al directorio libs/ dentro de los directorios de construcción cuando son utilizadas las APIs FilePath, permitiendo a atacantes que controlan los procesos del agente reemplazar el código de una biblioteca confiable con una variante modificada. Esto resulta en una ejecución de código sin sandbox en el proceso del controlador de Jenkins An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. • http://www.openwall.com/lists/oss-security/2021/11/04/3 https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423 https://access.redhat.com/security/cve/CVE-2021-21696 https://bugzilla.redhat.com/show_bug.cgi?id=2020344 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •