OpenShift Developer Tools and Services for OCP 4.11 update for jenkins and jenkins-2-plugins



| Updated: 2024-01-19
Risk High
Patch available YES
Number of vulnerabilities 22
CVE-ID CVE-2021-26291
CVE-2022-1471
CVE-2022-25857
CVE-2022-29599
CVE-2022-30953
CVE-2022-30954
CVE-2022-42889
CVE-2022-43401
CVE-2022-43402
CVE-2022-43403
CVE-2022-43404
CVE-2022-43405
CVE-2022-43406
CVE-2022-43407
CVE-2022-43408
CVE-2022-43409
CVE-2022-45047
CVE-2023-24422
CVE-2023-25761
CVE-2023-25762
CVE-2023-27903
CVE-2023-27904
CWE-ID CWE-346
CWE-502
CWE-400
CWE-78
CWE-352
CWE-284
CWE-94
CWE-693
CWE-79
CWE-264
CWE-276
CWE-200
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #17 is available.
Vulnerable software
jenkins (Red Hat package)
Operating systems & Components / Operating system package or component

jenkins-2-plugins (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 22 vulnerabilities.

1) Origin validation error

EUVDB-ID: #VU62492

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26291

CWE-ID: CWE-346 - Origin Validation Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to Apache Maven follows by default all repositories that are defined in a dependency’s Project Object Model (pom), including repositories accessible over HTTP protocol (e.g. without TLS encryption). A remote attacker can perform MitM attack and compromise the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Deserialization of Untrusted Data

EUVDB-ID: #VU70385

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1471

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the SnakeYaml's Constructor() class. A remote attacker can pass specially crafted yaml content to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU67665

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25857

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling YAML files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) OS Command Injection

EUVDB-ID: #VU62608

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29599

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing double-quoted strings. A remote attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Cross-site request forgery

EUVDB-ID: #VU63375

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30953

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper access control

EUVDB-ID: #VU63377

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30954

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in several HTTP endpoints. A remote user can connect to an attacker-specified HTTP server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Code Injection

EUVDB-ID: #VU68307

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2022-42889

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an insecure variable interpolation when processing untrusted input. A remote attacker can send a specially crafted input and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability was dubbed Text4shell.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

8) Protection Mechanism Failure

EUVDB-ID: #VU68594

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43401

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in the Groovy language runtime. A remote user can bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Protection Mechanism Failure

EUVDB-ID: #VU68596

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43402

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in the Groovy language runtime. A remote user can bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Protection Mechanism Failure

EUVDB-ID: #VU68597

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43403

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. A remote user can bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Protection Mechanism Failure

EUVDB-ID: #VU68595

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43404

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. A remote user can bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Protection Mechanism Failure

EUVDB-ID: #VU68598

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43405

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. A remote user can bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Protection Mechanism Failure

EUVDB-ID: #VU68599

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43406

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. A remote user can bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Cross-site request forgery

EUVDB-ID: #VU68600

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43407

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote user can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Cross-site request forgery

EUVDB-ID: #VU68601

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43408

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote user can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Stored cross-site scripting

EUVDB-ID: #VU68602

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43409

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in build logs. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Deserialization of Untrusted Data

EUVDB-ID: #VU70530

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-45047

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider class. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

18) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU71499

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-24422

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a sandbox bypass issue. A remote user can bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Stored cross-site scripting

EUVDB-ID: #VU72437

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-25761

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to the affected plugin does not escape test case class names in JavaScript expressions. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Stored cross-site scripting

EUVDB-ID: #VU72438

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-25762

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to the affected plugin does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Incorrect default permissions

EUVDB-ID: #VU73196

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27903

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the affected plugin creates the temporary file in the default temporary directory with the default permissions for newly created files. A local user can read and write the file before it is used in the build.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Information disclosure

EUVDB-ID: #VU73197

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27904

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application within error stack traces related to agents. A remote user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): before 2.387.1.1683009763-3.el8

jenkins-2-plugins (Red Hat package): before 4.11.1683009941-1.el8

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2023:3198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###