Jenkins version 2.63 suffers from a sandbox bypass vulnerability.
ccdda4d633e906d159b3fb007dd5d46967f0b0fc3e8f033a0e07df0b6acc06e4
Jenkins exploit that chains CVE-2018-1000861, CVE-2019-1003005 and CVE-2019-1003029 into a more reliable and elegant pre-authentication remote code execution. Jenkins versions below 2.138 are affected.
88ba245224ecb5e377bcb871672d6537579b9aeac8cedbca083b7f571fa1faea
Jenkins versions 2.251 and below and LTS 2.235.3 and below suffer from a persistent cross site scripting vulnerability.
fe78de531ac764992ae8de65e10f60a4d5a3ae82a3af279a85c1daa0d31531ec
Jenkins version 2.235.3 suffers from multiple persistent cross site scripting vulnerabilities.
5ae48804e53b05b0959fb9da096cca0880a8cea84800e7c45b02f24e07a2393d
Red Hat Security Advisory 2020-4223-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.
0a0c1e6d82b3f3d1ef7c4e264d5405abd9b644db1717e648010b8853d8377c2f
Red Hat Security Advisory 2020-3841-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.
77a91d7eb8ec634429339830c6925d60cfecc790452b9ca6402775e98428831d
Red Hat Security Advisory 2020-3808-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site scripting vulnerability.
b7331aff073d815f6e01e6459b93fa13ca828d759222d2f6c43a4863d4cf35ab
An unauthenticated Java object deserialization vulnerability exists in the CLI component of Jenkins versions 2.56 and below. The readFrom method of the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first validating the data. Because of this, a malicious serialized object wrapped inside a serialized SignedObject can be sent to the Jenkins endpoint to achieve code execution on the target.
3729c358cb302e4f78e19a3ad5a83bfe54ed6e185ea35041abb6038c065373da
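The SignedObject detail in the entry above deserves a worked illustration. The following Java program is an added example written for this listing; it is not Jenkins or Jenkins remoting code and it is not the exploit. It shows why a deserialization allowlist attached to one ObjectInputStream stops at a SignedObject boundary (SignedObject.getObject() opens its own, unfiltered stream over the embedded bytes) and how a process-wide ObjectInputFilter closes that gap. The class Unexpected is a constructed, harmless stand-in for an attacker-chosen class, the allowlist string is an assumption made for the demo, and the code needs Java 9 or later for java.io.ObjectInputFilter.

```java
import java.io.*;
import java.security.*;

// Added demonstration (not Jenkins code): a per-stream deserialization allowlist
// is not enough once java.security.SignedObject is on that allowlist, because
// SignedObject.getObject() deserializes its payload through a fresh, unfiltered
// ObjectInputStream. A JVM-wide ObjectInputFilter covers that inner stream too.
public class SignedObjectFilterDemo {

    // Constructed stand-in for an attacker-chosen class. Deliberately harmless:
    // the point is only that it is not on the allowlist yet still gets built.
    static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        final String note = "deserialized outside the allowlist";
    }

    // Assumed allowlist: what the receiving endpoint believes it accepts.
    // First matching pattern wins; "!*" rejects everything not listed before it.
    static final String ALLOWLIST =
        "java.security.SignedObject;java.lang.String;java.lang.Object;!*";

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Sender side: wrap the payload in a SignedObject signed with a throwaway key.
    // The receiver below never checks the signature against a pinned key, and
    // even if it did, the inner deserialization would already have happened.
    static byte[] buildWrappedPayload() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Signature sig = Signature.getInstance("SHA256withRSA");
        SignedObject wrapper = new SignedObject(new Unexpected(), kp.getPrivate(), sig);
        return serialize(wrapper);
    }

    // Receiver side with a filter on this stream only.
    static Object receiveWithStreamFilter(byte[] data) throws Exception {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter(ALLOWLIST));
            // Passes: SignedObject is allowed, its byte[] fields are primitive arrays.
            SignedObject so = (SignedObject) ois.readObject();
            // getObject() constructs its own ObjectInputStream over the embedded
            // bytes. The stream filter set above does not reach it.
            return so.getObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] data = buildWrappedPayload();

        // 1. Per-stream filter only: the inner object comes back fully constructed.
        Object inner = receiveWithStreamFilter(data);
        System.out.println("per-stream filter only -> inner object: "
            + inner.getClass().getName());

        // 2. Fix: install the allowlist process-wide. Every ObjectInputStream created
        //    from now on, including the one inside SignedObject.getObject(), enforces it.
        ObjectInputFilter.Config.setSerialFilter(
            ObjectInputFilter.Config.createFilter(ALLOWLIST));
        try {
            receiveWithStreamFilter(data);
            System.out.println("unexpected: inner payload was accepted");
        } catch (InvalidClassException e) {
            System.out.println("JVM-wide filter -> rejected: " + e.getMessage());
        }
    }
}
```

Run it with `java SignedObjectFilterDemo.java` (Java 11+ single-file launch). The same allowlist can be supplied without a code change through the `jdk.serialFilter` system property, which is the practical option for a deployed service; however it is installed, the process-wide filter applies to every ObjectInputStream in the JVM, and that is what defeats the nested-stream wrapper. A per-stream filter alone silently stops at the first object that carries its own serialized bytes.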
Red Hat Security Advisory 2020-3541-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. The Matrix Project is a module which handles creating Jenkins multi-configuration projects. Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually. Python-RSA is an RSA implementation in Python. It can be used as a Python library as well as a command-line utility. Ansible is an SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. Issues addressed include cross site scripting, denial of service, and information leakage vulnerabilities.
42d044757ced55aee7edf9844bfad23fe95bf3c3141361f974b7050950a43c55
Red Hat Security Advisory 2020-3519-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site scripting vulnerability.
03d7ebc42a5ee8eb1819704cae98ab2247d034dafe7ee3357bc00074d0307709
Red Hat Security Advisory 2020-3453-01 - The Matrix Project is a module which handles creating Jenkins multi-configuration projects. Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually. Python-RSA is an RSA implementation in Python. It can be used as a Python library as well as a command-line utility. Issues addressed include cross site scripting and denial of service vulnerabilities.
dcba8ed7be6bf93cafc80deff5dd57772dc8ea7c104f758c6b9f084ddded22ca
Red Hat Security Advisory 2020-0964-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include code execution and deserialization vulnerabilities.
0bbc6d0b1340b9e1e77661f6fd3104f23b4bfa6e941e551e8c264a9869530430
Jenkins Gitlab Hook plugin version 1.4.2 suffers from a cross site scripting vulnerability.
38931217cabd4d17c01cf04d878ac4d8c49d23973f783f5ba2fd442676454822
Jenkins Build-Metrics plugin version 1.3 suffers from a cross site scripting vulnerability.
d418e19ba81cb0adbe7e003d7fa890804d64f4a2cbb72d771a4bdb298fb673cb
Red Hat Security Advisory 2019-3144-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. This advisory contains the updated jenkins RPM package for Red Hat OpenShift Container Platform 3.11. Issues addressed include a cross site request forgery vulnerability.
3884936d40d62626ae2afd0fd378d13ff22c620e26e53620b6b1411cd943ba22
Red Hat Security Advisory 2019-2789-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.
645b7f82dec2c865a3d8af48ba736384ebc85c45fee196f34641463822691a36
Red Hat Security Advisory 2019-2662-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a bypass vulnerability.
6fece9cfa8e21396eb29dc690d56ca4aa2cfc555efbd536bfd6c1280e18c70cc
Whitepaper called Jenkins Groovy Scripts for Red Teamers and Penetration Testers.
5e6b7c106c03710dff448e081a389d32962fea27101a434d73669f8d4d9365e2
Red Hat Security Advisory 2019-2651-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a bypass vulnerability.
df767c3bd54e617fd6f47d5b82d6ec2199aa705ea592deecc555c95625d6a2b4
Red Hat Security Advisory 2019-2548-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.
4345dc1d608a0488b324d4434e2cfb1c27a4314f6530857a03a16fd149420252
Red Hat Security Advisory 2019-2503-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.
f012531b1f32448bfdd5aa2590a61478d680886552a677c76a300f1e28deabbb
Jenkins Dependency Graph View plugin version 0.13 suffers from a persistent cross site scripting vulnerability.
cd5ffe501243df3312d0721d5cd596bee99b0e8d2898b76aa16162fd57fb796c
Red Hat Security Advisory 2019-1636-01 - This advisory contains the jenkins-2-plugins RPM packages for Red Hat OpenShift Container Platform 4.1.4. Various issues have been addressed including a file read vulnerability.
35932583ad3607db55d6071f2438a343dec4f7239b799a8085c9aa5f046b14c9
Red Hat Security Advisory 2019-1423-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass and cross site scripting vulnerabilities.
302e9f6fdcd1f882db8880e348723a0684e1677aa46f21cf84c2959993ce2923
Red Hat Security Advisory 2019-0739-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security fixes: three sandbox bypasses in the Script Security plug-in (jenkins-plugin-script-security); a sandbox bypass in the Pipeline: Groovy plug-in (jenkins-plugin-workflow-cps); a sandbox bypass in the Matrix Project plug-in (jenkins-matrix-project-plugin); a script security sandbox bypass in the Job DSL plug-in (jenkins-job-dsl-plugin). Issues addressed include a bypass vulnerability.
3521bc8e3160f9a4e993455be4fa77b9faf7799c4a87c9cd5848b70126953609
This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of Jenkins. Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61.
1fa7a0581a082a2a0c1e14681f05b88994d45c7f8daeb7fbed7b6dacc77b9a72