Jenkins Plugin Security Fixes: XSS, XXE, Session Fixation, Script Bypass (SECURITY-3010/3361/3362/3466/3473)

From this webpage screenshot, the following key information about vulnerabilities can be obtained: 1. Vulnerability Descriptions: - Missing permission check in Script Security Plugin: The Script Security Plugin does not perform permission checks when handling file system operations, allowing attackers with Overall/Read permissions to check whether files exist in the controller's file system. - Rebuilding a run with revoked script approval allowed by Pipeline: Groovy Plugin: The Groovy Plugin does not verify if a script's approval has been revoked when rebuilding, allowing attackers with Item/Build permissions to rebuild scripts that were previously revoked. - Restarting a run with revoked script approval allowed by Pipeline: Declarative Plugin: The Declarative Plugin does not check if a script's approval has been revoked when restarting, allowing attackers with Item/Build permissions to restart scripts that were previously revoked. - Stored XSS vulnerability in Authorize Project Plugin: The Authorize Project Plugin does not perform JavaScript security checks when handling project names, allowing attackers with Item/Configure permissions to exploit a stored XSS vulnerability. - Session fixation vulnerability in OpenID Connect Authentication Plugin: The OpenID Connect Authentication Plugin does not clear sessions upon login, allowing attackers to gain administrative privileges via social engineering. - XXE vulnerability in IvyTrigger Plugin: The IvyTrigger Plugin does not check for XML External Entity (XXE) parsing when processing Ivy scripts, allowing attackers to exploit XXE vulnerabilities to control input files. - Script security bypass vulnerability in Shared Library Version Override Plugin: The Shared Library Version Override Plugin does not perform sandbox checks when handling library versions, allowing attackers with Item/Configure permissions to bypass sandbox protections. 2. Affected Versions: - Authorize Project Plugin: Versions 1.7.2 and earlier - IvyTrigger Plugin: Versions 1.01 and earlier - OpenID Connect Authentication Plugin: Versions 4.418.vccc7061f5b_6d and earlier - Pipeline: Declarative Plugin: Versions 2.2214.vb_b_34b_2ea_9b_83 and earlier - Pipeline: Groovy Plugin: Versions 3990.vd281dd77a_388 and earlier - Script Security Plugin: Versions 1367.vdf2fc45f229c and earlier - Shared Library Version Override Plugin: Versions 17.v786074c9fce7 and earlier 3. Remediation Measures: - Upgrade the affected plugins to the latest versions to fix the aforementioned vulnerabilities. 4. Acknowledgments for Vulnerability Reports: - Daniel Beck, CloudBees, Inc. for SECURITY-3466 - Kevin Guerroudj, CloudBees, Inc. for SECURITY-3010, SECURITY-3361, SECURITY-3362, SECURITY-3473 This information helps users understand known security vulnerabilities in Jenkins, their impact scope, and take appropriate actions to remediate them.

Goal Reached Thanks to every supporter — we hit 100%!

Jenkins Plugin Security Fixes: XSS, XXE, Session Fixation, Script Bypass (SECURITY-3010/3361/3362/3466/3473)