Detections
Analytics
Jenkins plugins Multiple Vulnerabilities (2023-06-14)
high Nessus Plugin ID 177394
Language:
Synopsis
An application running on a remote web server host is affected by multiple vulnerabilitiesDescription
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities:- Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. (CVE-2023-35142)
- Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`.
(CVE-2023-35143)
- Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability. (CVE-2023-35144)
- Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission. (CVE-2023-35145)
- Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs. (CVE-2023-35146)
- Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system. (CVE-2023-35147)
- A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. (CVE-2023-35148)
- A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. (CVE-2023-35149)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update Jenkins plugins to the following versions:- AWS CodeCommit Trigger Plugin: See vendor advisory
- Checkmarx Plugin to version 2023.2.6 or later
- Digital.ai App Management Publisher Plugin: See vendor advisory
- Dimensions Plugin to version 0.9.3.1 or later
- Maven Repository Server Plugin: See vendor advisory
- Sonargraph Integration Plugin: See vendor advisory
- Team Concert Plugin to version 2.4.2 or later
- Template Workflows Plugin: See vendor advisory
See vendor advisory for more details.
See Also
Plugin Details
Severity: High
ID: 177394
File Name: jenkins_security_advisory_2023-06-14_plugins.nasl
Version: 1.3
Type: combined
Agent: windows, macosx, unix
Family: CGI abuses
Published: 6/16/2023
Updated: 7/28/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2023-35148
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2023-35142
Vulnerability Information
CPE: cpe:/a:cloudbees:jenkins, cpe:/a:jenkins:jenkins
Required KB Items: installed_sw/Jenkins
Exploit Ease: No known exploits are available
Patch Publication Date: 6/14/2023
Vulnerability Publication Date: 6/14/2023
Reference Information
CVE: CVE-2023-32261, CVE-2023-32262, CVE-2023-35142, CVE-2023-35143, CVE-2023-35144, CVE-2023-35145, CVE-2023-35146, CVE-2023-35147, CVE-2023-35148, CVE-2023-35149