Jenkins Security Advisory 2020-07-02

Critical Vulnerabilities

Stored XSS Vulnerability in Sonargraph Integration Plugin
- CVE-2020-2201
- Severity: Medium
- Affected Plugin: Sonargraph Integration Plugin
- Description: Users with Job/Configure permission can exploit the vulnerability.

CSRF Vulnerability and Missing Permission Checks in Fortify on Demand Plugin
- CVE-2020-2203
- Severity: Medium
- Affected Plugin: Fortify on Demand Plugin
- Description: Users can exploit this to enumerate credentials or conduct CSRF attacks.

RCE Vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin
- CVE-2020-2211
- Severity: High
- Affected Plugin: ElasticBox Jenkins Kubernetes CI/CD Plugin
- Description: Remote code execution (RCE) vulnerability exploitable by users capable of providing YAML input files.

Severity

Low:
- SECURITY-1576

Medium:
- SECURITY-1576, SECURITY-1627, SECURITY-1630, SECURITY-1632, SECURITY-1656, SECURITY-1672, SECURITY-1686, SECURITY-1690, SECURITY-1691, SECURITY-1728 (1), SECURITY-1728 (2), SECURITY-1738

High:
- SECURITY-1783

Affected Versions and Fixes

Affected Versions:
- Various plugins up to and including specific versions.

Fix:
- Update to the latest versions of affected plugins.