Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.17 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-16)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.17. It is, therefore, affected by multiple vulnerabilities including the following:

– CSRF vulnerability and missing permission checks in Code Dx Plugin (CVE-2023-2195, CVE-2023-2631)

– Missing permission checks in Code Dx Plugin (CVE-2023-2196)

– API keys stored and displayed in plain text by Code Dx Plugin (CVE-2023-2632, CVE-2023-2633)

– Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)

– CSRF vulnerability in LDAP Plugin (CVE-2023-32978)

– Missing permission check in Email Extension Plugin (CVE-2023-32979)

– CSRF vulnerability in Email Extension Plugin (CVE-2023-32980)

– Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)

– Secrets stored and displayed in plain text by Ansible Plugin (CVE-2023-32982, CVE-2023-32983)

– Stored XSS vulnerability in TestNG Results Plugin (CVE-2023-32984)

– Path traversal vulnerability in Sidebar Link Plugin (CVE-2023-32985)

– Arbitrary file write vulnerability in File Parameter Plugin (CVE-2023-32986)

– CSRF vulnerability in Reverse Proxy Auth Plugin (CVE-2023-32987)

– Missing permission check in Azure VM Agents Plugin allows enumerating credentials IDs (CVE-2023-32988)

– CSRF vulnerability and missing permission checks in Azure VM Agents Plugin (CVE-2023-32989, CVE-2023-32990)

– CSRF vulnerability and missing permission checks in SAML Single Sign On(SSO) Plugin allow XXE (CVE-2023-32991, CVE-2023-32992)

– Missing hostname validation in SAML Single Sign On(SSO) Plugin (CVE-2023-32993)

– SSL/TLS certificate validation unconditionally disabled by SAML Single Sign On(SSO) Plugin (CVE-2023-32994)

– CSRF vulnerability and missing permission check in SAML Single Sign On(SSO) Plugin (CVE-2023-32995, CVE-2023-32996)

– Session fixation vulnerability in CAS Plugin (CVE-2023-32997)

– CSRF vulnerability and missing permission check in AppSpider Plugin (CVE-2023-32998, CVE-2023-32999)

– Credentials displayed without masking by NS-ND Integration Performance Publisher Plugin (CVE-2023-33000)

– Improper masking of credentials in HashiCorp Vault Plugin (CVE-2023-33001)

– Stored XSS vulnerability in TestComplete support Plugin (CVE-2023-33002)

– CSRF vulnerability and missing permission checks in Tag Profiler Plugin (CVE-2023-33003, CVE-2023-33004)

– Session fixation vulnerability in WSO2 Oauth Plugin (CVE-2023-33005)

– CSRF vulnerability in WSO2 Oauth Plugin (CVE-2023-33006)

– Stored XSS vulnerability in LoadComplete support Plugin (CVE-2023-33007)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More