Jenkins Plugin Vulnerabilities Advisory: XSS, XXE, and RCE in Multiple Plugins

From this webpage screenshot, the following key information about the vulnerabilities can be obtained: 1. Vulnerability Descriptions: - Script Security Plugin: The plugin does not perform permission checks when verifying file existence, allowing attackers with Overall/Read permissions to check whether files exist in the controller's filesystem. - Pipeline: Groovy Plugin: The plugin does not check whether the main script is approved when allowing rebuilds of unapproved builds. - Pipeline: Declarative Plugin: The plugin does not check whether the main script is approved when allowing restarts of unapproved builds. - Authorize Project Plugin: The plugin uses JavaScript to evaluate strings containing workspace names on the authorization page, leading to a stored XSS vulnerability. - OpenID Connect Authentication Plugin: The plugin does not clear existing sessions during login, allowing attackers to gain admin privileges via social engineering. - IvyTrigger Plugin: The plugin allows attackers to control input files in build triggers, resulting in an XXE vulnerability. - Shared Library Version Override Plugin: The plugin lacks sandbox protection when configuring library overrides at the folder level, enabling attackers to execute unprotected code. 2. Affected Versions: - Authorize Project Plugin: Versions 1.7.2 and earlier. - IvyTrigger Plugin: Versions 1.01 and earlier. - OpenID Connect Authentication Plugin: Versions 4.418.vccc7061f5b_6d and earlier. - Pipeline: Declarative Plugin: Versions 2.2214.vb_b_34b_2ea_9b_83 and earlier. - Pipeline: Groovy Plugin: Versions 3990.vd281dd77a_388 and earlier. - Script Security Plugin: Versions 1367.vdf2fc45f229c and earlier. - Shared Library Version Override Plugin: Versions 17.v786074c9fce7 and earlier. 3. Remediation: - Update the affected plugins to the latest versions to fix the vulnerabilities. 4. Credits: - Thanks to the individuals who reported the vulnerabilities, including Daniel Beck and Kevin Guerroudj. This information helps users identify which plugins are vulnerable and how to mitigate the risks by updating to the latest versions.

Goal Reached Thanks to every supporter — we hit 100%!

Jenkins Plugin Vulnerabilities Advisory: XSS, XXE, and RCE in Multiple Plugins