SB2020092224 - Multiple vulnerabilities in Jenkins Storable Configs plugin



SB2020092224 - Multiple vulnerabilities in Jenkins Storable Configs plugin

Published: September 22, 2020

Security Bulletin ID SB2020092224
CSH Severity
Medium
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Path traversal (CVE-ID: CVE-2020-2277)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.


2) Path traversal (CVE-ID: CVE-2020-2278)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to the affected plugin does not restrict the user-specified file name. A remote authenticated attacker can replace any other ".xml" file on the Jenkins controller with the job’s "config.xml" file’s content.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.