SB2020092224 - Multiple vulnerabilities in Jenkins Storable Configs plugin

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2020-2277)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.

2) Path traversal (CVE-ID: CVE-2020-2278)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to the affected plugin does not restrict the user-specified file name. A remote authenticated attacker can replace any other ".xml" file on the Jenkins controller with the job’s "config.xml" file’s content.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• http://www.openwall.com/lists/oss-security/2020/09/16/3
• https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1968%20(1)
• https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1968%20(2)