Risk | High |
Patch available | YES |
Number of vulnerabilities | 11 |
CVE-ID | CVE-2022-42889 CVE-2022-1471 CVE-2022-29599 CVE-2023-24422 CVE-2023-37946 CVE-2024-23897 CVE-2024-23898 CVE-2023-25761 CVE-2023-25762 CVE-2023-27903 CVE-2023-27904 |
CWE-ID | CWE-94 CWE-502 CWE-78 CWE-264 CWE-384 CWE-284 CWE-1385 CWE-79 CWE-276 CWE-200 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Vulnerability #6 is being exploited in the wild. |
Vulnerable software |
OpenShift Developer Tools and Services Universal components / Libraries / Software for developers jenkins (Red Hat package) Operating systems & Components / Operating system package or component jenkins-2-plugins (Red Hat package) Operating systems & Components / Operating system package or component |
Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
EUVDB-ID: #VU68307
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2022-42889
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an insecure variable interpolation when processing untrusted input. A remote attacker can send a specially crafted input and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability was dubbed Text4shell.
Install updates from vendor's website.
OpenShift Developer Tools and Services: 4.11
jenkins (Red Hat package): before 2.426.3.1706516929-3.el8
jenkins-2-plugins (Red Hat package): before 4.11.1706516946-1.el8
CPE2.3http://access.redhat.com/errata/RHSA-2024:0775
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU70385
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2022-1471
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the SnakeYaml's Constructor() class. A remote attacker can pass specially crafted yaml content to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
OpenShift Developer Tools and Services: 4.11
jenkins (Red Hat package): before 2.426.3.1706516929-3.el8
jenkins-2-plugins (Red Hat package): before 4.11.1706516946-1.el8
CPE2.3http://access.redhat.com/errata/RHSA-2024:0775
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU62608
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-29599
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing double-quoted strings. A remote attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
MitigationInstall updates from vendor's website.
OpenShift Developer Tools and Services: 4.11
jenkins (Red Hat package): before 2.426.3.1706516929-3.el8
jenkins-2-plugins (Red Hat package): before 4.11.1706516946-1.el8
CPE2.3http://access.redhat.com/errata/RHSA-2024:0775
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71499
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-24422
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a sandbox bypass issue. A remote user can bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
MitigationInstall updates from vendor's website.
OpenShift Developer Tools and Services: 4.11
jenkins (Red Hat package): before 2.426.3.1706516929-3.el8
jenkins-2-plugins (Red Hat package): before 4.11.1706516946-1.el8
CPE2.3http://access.redhat.com/errata/RHSA-2024:0775
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78257
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-37946
CWE-ID:
CWE-384 - Session Fixation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the the affected plugin does not invalidate the existing session on login. A remote attacker can gain administrator access to Jenkins.
MitigationInstall updates from vendor's website.
OpenShift Developer Tools and Services: 4.11
jenkins (Red Hat package): before 2.426.3.1706516929-3.el8
jenkins-2-plugins (Red Hat package): before 4.11.1706516946-1.el8
CPE2.3http://access.redhat.com/errata/RHSA-2024:0775
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85786
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-23897
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the affected application does not disable a feature of its CLI command parser that replaces an "@" character followed by a file path in an argument with the file’s contents. A remote attacker can read arbitrary files on the Jenkins controller file system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
OpenShift Developer Tools and Services: 4.11
jenkins (Red Hat package): before 2.426.3.1706516929-3.el8
jenkins-2-plugins (Red Hat package): before 4.11.1706516946-1.el8
CPE2.3http://access.redhat.com/errata/RHSA-2024:0775
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU85790
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-23898
CWE-ID:
CWE-1385 - Missing Origin Validation in WebSockets
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to a cross-site WebSocket hijacking (CSWSH) issue when the affected application does not perform origin validation of requests made through the CLI WebSocket endpoint. A remote attacker can execute CLI commands on the Jenkins controller.
MitigationInstall updates from vendor's website.
OpenShift Developer Tools and Services: 4.11
jenkins (Red Hat package): before 2.426.3.1706516929-3.el8
jenkins-2-plugins (Red Hat package): before 4.11.1706516946-1.el8
CPE2.3http://access.redhat.com/errata/RHSA-2024:0775
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72437
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-25761
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to the affected plugin does not escape test case class names in JavaScript expressions. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
OpenShift Developer Tools and Services: 4.11
jenkins (Red Hat package): before 2.426.3.1706516929-3.el8
jenkins-2-plugins (Red Hat package): before 4.11.1706516946-1.el8
CPE2.3http://access.redhat.com/errata/RHSA-2024:0775
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72438
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-25762
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to the affected plugin does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
OpenShift Developer Tools and Services: 4.11
jenkins (Red Hat package): before 2.426.3.1706516929-3.el8
jenkins-2-plugins (Red Hat package): before 4.11.1706516946-1.el8
CPE2.3http://access.redhat.com/errata/RHSA-2024:0775
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73196
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-27903
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the affected plugin creates the temporary file in the default temporary directory with the default permissions for newly created files. A local user can read and write the file before it is used in the build.
MitigationInstall updates from vendor's website.
OpenShift Developer Tools and Services: 4.11
jenkins (Red Hat package): before 2.426.3.1706516929-3.el8
jenkins-2-plugins (Red Hat package): before 4.11.1706516946-1.el8
CPE2.3http://access.redhat.com/errata/RHSA-2024:0775
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73197
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-27904
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within error stack traces related to agents. A remote user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
OpenShift Developer Tools and Services: 4.11
jenkins (Red Hat package): before 2.426.3.1706516929-3.el8
jenkins-2-plugins (Red Hat package): before 4.11.1706516946-1.el8
CPE2.3http://access.redhat.com/errata/RHSA-2024:0775
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.