According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities:

  - High GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when     showing changes. This results in a stored cross-site scripting (XSS) vulnerability exploitable by     attackers with Item/Configure permission. GitHub Plugin 1.37.3.1 escapes GitHub project URL on the build     page when showing changes. (CVE-2023-46650)

  - Medium Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup,     allowing the use of system-scoped credentials otherwise reserved for the global configuration. This allows     attackers with Item/Configure permission to access and capture credentials they are not entitled to.
    Warnings Plugin 10.5.1 defines the appropriate context for credentials lookup. (CVE-2023-46651)

  - Medium lambdatest-automation Plugin 1.20.9 and earlier does not perform a permission check in an HTTP     endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST     credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using     another vulnerability. An enumeration of credentials IDs in lambdatest-automation Plugin 1.20.10 requires     Overall/Administer permission. (CVE-2023-46652)

  - Low lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO     level. This can result in accidental exposure of the token through the default system log. lambdatest-     automation Plugin 1.21.0 no longer logs LAMBDATEST Credentials access token. (CVE-2023-46653)

  - High In CloudBees CD Plugin, artifacts that were previously copied from an agent to the controller are     deleted after publishing by the 'CloudBees CD - Publish Artifact' post-build step. CloudBees CD Plugin     1.1.32 and earlier follows symbolic links to locations outside of the expected directory during this     cleanup process. This allows attackers able to configure jobs to delete arbitrary files on the Jenkins     controller file system. CloudBees CD Plugin 1.1.33 deletes symbolic links without following them.
    (CVE-2023-46654)

  - Medium CloudBees CD Plugin temporarily copies files from an agent workspace to the controller in     preparation for publishing them in the 'CloudBees CD - Publish Artifact' post-build step. CloudBees CD     Plugin 1.1.32 and earlier follows symbolic links to locations outside of the temporary directory on the     controller when collecting the list of files to publish. This allows attackers able to configure jobs to     publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD     server. CloudBees CD Plugin 1.1.33 ensures that only files located within the expected directory are     published. (CVE-2023-46655)

  - Low Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier does not use a constant-time comparison when     checking whether the provided and expected webhook token are equal. This could potentially allow attackers     to use statistical methods to obtain a valid webhook token. As of publication of this advisory, there is     no fix. Learn why we announce this. (CVE-2023-46656)

  - Low Gogs Plugin 1.0.15 and earlier does not use a constant-time comparison when checking whether the     provided and expected webhook token are equal. This could potentially allow attackers to use statistical     methods to obtain a valid webhook token. As of publication of this advisory, there is no fix. Learn why we     announce this. (CVE-2023-46657)

  - Low MSTeams Webhook Trigger Plugin 0.1.1 and earlier does not use a constant-time comparison when checking     whether the provided and expected webhook token are equal. This could potentially allow attackers to use     statistical methods to obtain a valid webhook token. As of publication of this advisory, there is no fix.
    Learn why we announce this. (CVE-2023-46658)

  - High Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page. This     results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure     permission. As of publication of this advisory, there is no fix. Learn why we announce this.
    (CVE-2023-46659)

  - Low Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the     provided and expected webhook token hashes are equal. This could potentially allow attackers to use     statistical methods to obtain a valid webhook token. As of publication of this advisory, there is no fix.
    Learn why we announce this. (CVE-2023-46660)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Jenkins plugins Multiple Vulnerabilities (2023-10-25)

high Nessus Plugin ID 183879

Version 1.2