Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0775 advisory.

  - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

  - maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

  - apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  - jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

  - Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

  - Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

  - Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)

  - jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)

  - jenkins: cross-site WebSocket hijacking (CVE-2024-23898)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0778 advisory.

  - google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can     lead to improper authorization (CVE-2020-7692)

  - maven: Block repositories using http by default (CVE-2021-26291)

  - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

  - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

  - maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

  - apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  - guava: insecure temporary directory creation (CVE-2023-2976)

  - springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)

  - spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout (CVE-2023-20862)

  - jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

  - jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()     (CVE-2023-26048)

  - jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

  - Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

  - Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

  - Jenkins: Open redirect vulnerability in OpenShift Login Plugin (CVE-2023-37947)

  - jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)

  - jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin (CVE-2023-40337)

  - jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin (CVE-2023-40338)

  - jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin     (CVE-2023-40339)

  - jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials     (CVE-2023-40341)

  - jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)

  - jenkins: cross-site WebSocket hijacking (CVE-2024-23898)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6171 advisory.

  - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

  - maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

  - apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  - jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

  - Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

  - Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

  - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)     (CVE-2023-39325)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0776 advisory.

  - maven: Block repositories using http by default (CVE-2021-26291)

  - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

  - maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

  - apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  - jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

  - Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)

  - jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)

  - jenkins: cross-site WebSocket hijacking (CVE-2024-23898)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0777 advisory.

  - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

  - maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

  - apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  - guava: insecure temporary directory creation (CVE-2023-2976)

  - jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

  - jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)

  - Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)

  - Jenkins: Open redirect vulnerability in OpenShift Login Plugin (CVE-2023-37947)

  - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)     (CVE-2023-39325)

  - jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts     (CVE-2023-40336)

  - jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin (CVE-2023-40337)

  - jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin (CVE-2023-40338)

  - jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin     (CVE-2023-40339)

  - jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials     (CVE-2023-40341)

  - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)     (CVE-2023-44487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6179 advisory.

  - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

  - maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

  - apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  - jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

  - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)     (CVE-2023-39325)

  - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)     (CVE-2023-44487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6172 advisory.

  - google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can     lead to improper authorization (CVE-2020-7692)

  - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

  - maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

  - apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  - jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

  - Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

  - Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

  - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)     (CVE-2023-39325)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3195 advisory.

  - apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  - jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

  - Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

  - Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3198 advisory.

  - maven: Block repositories using http by default (CVE-2021-26291)

  - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

  - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

  - maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

  - Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)

  - Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)

  - apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  - jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin     (CVE-2022-43401, CVE-2022-43403, CVE-2022-43404)

  - jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin (CVE-2022-43402)

  - jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin     (CVE-2022-43405)

  - jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy     Libraries Plugin (CVE-2022-43406)

  - jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step     Plugin (CVE-2022-43407)

  - jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View     Plugin (CVE-2022-43408)

  - jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline: Supporting APIs Plugin     (CVE-2022-43409)

  - mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)

  - jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

  - Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

  - Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3299 advisory.

  - google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can     lead to improper authorization (CVE-2020-7692)

  - kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)

  - jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

  - springframework: Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)

  - com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

  - xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)

  - woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)

  - apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  - jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  - Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)

  - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

  - Jenkins: Denial of Service attack (CVE-2023-27900, CVE-2023-27901)

  - Jenkins: Workspace temporary directories accessible through directory browser (CVE-2023-27902)

  - Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1866 advisory.

  - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7288 advisory.

  - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

  - maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

  - apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  - jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

  - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)     (CVE-2023-39325)

  - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)     (CVE-2023-44487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1866 advisory.

  - Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript     expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able     to control test case class names in the JUnit resources processed by the plugin. (CVE-2023-25761)

  - Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression     used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability     exploitable by attackers able to control job names. (CVE-2023-25762)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.9. It is, therefore, affected by multiple vulnerabilities including the following:

  - CSRF vulnerability and missing permission checks in Synopsys Coverity Plugin allow capturing credentials     (CVE-2023-23847, CVE-2023-23848)

  - Missing permission checks in Synopsys Coverity Plugin allow enumerating credentials IDs (CVE-2023-23850)

  - Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  - Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)

  - XSS vulnerability in bundled email templates in Email Extension Plugin (CVE-2023-25763)

  - Stored XSS vulnerability in custom email templates in Email Extension Plugin (CVE-2023-25764)

  - Script Security sandbox bypass vulnerability in Email Extension Plugin (CVE-2023-25765)

  - Missing permission checks in Azure Credentials Plugin allow enumerating credentials IDs (CVE-2023-25766)

  - CSRF vulnerability and missing permission checks in Azure Credentials Plugin (CVE-2023-25767,     CVE-2023-25768)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
194437	RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0775)	Nessus	Red Hat Local Security Checks	critical
194435	RHEL 8 : Jenkins and Jenkins-2-plugins (RHSA-2024:0778)	Nessus	Red Hat Local Security Checks	critical
194410	RHEL 8 : Red Hat Product OCP Tools 4.11 Openshift Jenkins (RHSA-2023:6171)	Nessus	Red Hat Local Security Checks	critical
194395	RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0776)	Nessus	Red Hat Local Security Checks	critical
194374	RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0777)	Nessus	Red Hat Local Security Checks	critical
194368	RHEL 8 : Red Hat Product OCP Tools 4.13 OpenShift Jenkins (RHSA-2023:6179)	Nessus	Red Hat Local Security Checks	critical
194352	RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2023:6172)	Nessus	Red Hat Local Security Checks	critical
194325	RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3195)	Nessus	Red Hat Local Security Checks	critical
194295	RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)	Nessus	Red Hat Local Security Checks	critical
194250	RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3299)	Nessus	Red Hat Local Security Checks	critical
194224	RHEL 8 : OpenShift Container Platform 4.10.58 (RHSA-2023:1866)	Nessus	Red Hat Local Security Checks	medium
193753	RHEL 8 : Red Hat Product OCP Tools 4.14 Openshift Jenkins (RHSA-2023:7288)	Nessus	Red Hat Local Security Checks	critical
189430	RHCOS 4 : OpenShift Container Platform 4.10.58 (RHSA-2023:1866)	Nessus	Red Hat Local Security Checks	medium
171501	Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.9 Multiple Vulnerabilities (CloudBees Security Advisory 2023-02-15)	Nessus	CGI abuses	critical

Detections

Analytics

CVE-2023-25762

medium

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

medium

critical

medium

critical