The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.7. It is, therefore, affected by multiple vulnerabilities including the following:

– Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

– CSRF vulnerability in Gerrit Trigger Plugin (CVE-2023-24423)

– Session fixation vulnerability in OpenId Connect Authentication Plugin (CVE-2023-24424)

– Exposure of system-scoped Kubernetes credentials in Kubernetes Credentials Provider Plugin (CVE-2023-24425)

– Session fixation vulnerability in Azure AD Plugin (CVE-2023-24426)

– Session fixation vulnerability in Bitbucket OAuth Plugin (CVE-2023-24427)

– CSRF vulnerability in Bitbucket OAuth Plugin (CVE-2023-24428)

– Agent-to-controller security bypass in Semantic Versioning Plugin (CVE-2023-24429)

– XXE vulnerability on agents in Semantic Versioning Plugin (CVE-2023-24430)

– Missing permission checks in Orka by MacStadium Plugin allow enumerating credentials IDs (CVE-2023-24431)

– CSRF vulnerability and missing permission checks in Orka by MacStadium Plugin allow capturing credentials (CVE-2023-24432, CVE-2023-24433)

– CSRF vulnerability and missing permission checks in GitHub Pull Request Builder Plugin (CVE-2023-24434, CVE-2023-24435)

– Missing permission check in GitHub Pull Request Builder Plugin allows enumerating credentials IDs (CVE-2023-24436)

– CSRF vulnerability and missing permission checks in JIRA Pipeline Steps Plugin (CVE-2023-24437, CVE-2023-24438)

– Keys stored in plain text by JIRA Pipeline Steps Plugin (CVE-2023-24439, CVE-2023-24440)

– XXE vulnerability on agents in MSTest Plugin (CVE-2023-24441)

– Credentials stored in plain text by GitHub Pull Request Coverage Status Plugin (CVE-2023-24442)

– XXE vulnerability in TestComplete support Plugin (CVE-2023-24443)

– Session fixation vulnerability in OpenID Plugin (CVE-2023-24444)

– Open redirect vulnerability in OpenID Plugin (CVE-2023-24445)

– CSRF vulnerability in OpenID Plugin (CVE-2023-24446)

– CSRF vulnerability and missing permission check in RabbitMQ Consumer Plugin (CVE-2023-24447, CVE-2023-24448)

– Path traversal vulnerability in PWauth Security Realm Plugin (CVE-2023-24449)

– Passwords stored in plain text by view-cloner Plugin (CVE-2023-24450)

– Missing permission checks in Cisco Spark Notifier Plugin allow enumerating credentials IDs (CVE-2023-24451)

– CSRF vulnerability and missing permission check in TestQuality Updater Plugin (CVE-2023-24452, CVE-2023-24453)

– Password stored in plain text by TestQuality Updater Plugin (CVE-2023-24454)

– Path traversal vulnerability in visualexpert Plugin (CVE-2023-24455)

– Session fixation vulnerability in Keycloak Authentication Plugin (CVE-2023-24456)

– CSRF vulnerability in Keycloak Authentication Plugin (CVE-2023-24457)

– CSRF vulnerability and missing permission check in BearyChat Plugin (CVE-2023-24458, CVE-2023-24459)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More