Jenkins Security Advisory: Sandbox Bypass, XXE, Stored XSS in Multiple Plugins

Jenkins Security Advisory 2020-03-09 Key Vulnerability Information Sandbox Bypass Vulnerability in Script Security Plugin - CVE: SECURITY-1754 / CVE-2020-2134 (constructors), CVE-2020-2135 (GroovyInterceptable) - Severity: High - Affected Plugin: script-security - Description: Allows attackers to bypass sandbox protection and execute arbitrary code in the Jenkins controller JVM. Stored XSS Vulnerability in Git Plugin - CVE: SECURITY-1723 / CVE-2020-2136 - Severity: Medium - Affected Plugin: git - Description: Results in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. Stored XSS Vulnerability in Timestamp Plugin - CVE: SECURITY-1784 / CVE-2020-2137 - Severity: Medium - Affected Plugin: timetamper - Description: Allows attackers to exploit stored XSS through improperly formatted timestamps. XXE Vulnerability in Cobertura Plugin - CVE: SECURITY-1700 / CVE-2020-2138 - Severity: High - Affected Plugin: cobertura - Description: Allows XML external entity (XXE) attacks. Arbitrary File Write Vulnerability in Cobertura Plugin - CVE: SECURITY-1668 / CVE-2020-2139 - Severity: Medium - Affected Plugin: cobertura - Description: Allows attackers to control file paths and overwrite any file on the Jenkins controller file system. XSS Vulnerability in Audit Trail Plugin - CVE: SECURITY-1722 / CVE-2020-2140 - Severity: Medium - Affected Plugin: audit-trail - Description: Reflective XSS vulnerability due to unescaped error messages. CSRF Vulnerability and Missing Permission Checks in P4 Plugin - CVE: SECURITY-1765 / CVE-2020-2141 (CSRF), CVE-2020-2142 (missing permission check) - Severity: Medium - Affected Plugin: p4 - Description: Lack of permission checks on HTTP endpoints leading to CSRF attacks. Credentials Transmitted in Plain Text by Logstash Plugin - CVE: SECURITY-1516 / CVE-2020-2143 - Severity: Low - Affected Plugin: logstash - Description: Credentials stored in configuration files without encryption. XXE Vulnerability in Rundeck Plugin - CVE: SECURITY-1702 / CVE-2020-2144 - Severity: High - Affected Plugin: rundeck - Description: Allows XML external entity attacks leading to secrets extraction. Credentials Stored in Plain Text by Zephyr Enterprise Test Management Plugin - CVE: SECURITY-1596 / CVE-2020-2145 - Severity: Low - Affected Plugin: zephyr-enterprise-test-management - Description: Passwords stored in plain text in configuration files. Missing SSH Host Key Validation in Mac Plugin - CVE: SECURITY-1692 / CVE-2020-2146 - Severity: Medium - Affected Plugin: mac - Description: Lack of SSH host key validation leading to Man-in-the-Middle attacks. CSRF Vulnerability and Missing Permission Checks in Mac Plugin - CVE: SECURITY-1761 / CVE-2020-2147 (CSRF), CVE-2020-2148 (missing permission check) - Severity: Medium - Affected Plugin: mac - Description: Lack of permission checks on form validation leading to CSRF attacks. Credentials Transmitted in Plain Text by Repository Connector Plugin - CVE: SECURITY-1520 / CVE-2020-2149 - Severity: Low - Affected Plugin: repository-connector - Description: Credentials stored in configuration files without encryption. Credentials Transmitted in Plain Text by Sonar Quality Gates Plugin - CVE: SECURITY-1523 / CVE-2020-2150 - Severity: Low - Affected Plugin: sonar-quality-gates - Description: Credentials stored in configuration files without encryption. Credentials Transmitted in Plain Text by Quality Gates Plugin - CVE: SECURITY-1519 / CVE-2020-2151 - Severity: Low - Affected Plugin: quality-gates - Description: Credentials stored in configuration files without encryption. XSS Vulnerability in Subversion Release Manager Plugin - CVE: SECURITY-1727 / CVE-2020-2152 - Severity: Medium - Affected Plugin: svn-release-mgr - Description: Reflective XSS vulnerability due to unescaped error messages. Credentials Transmitted in Plain Text by Backlog Plugin - CVE: SECURITY-1510 / CVE-2020-2153 - Severity: Low - Affected Plugin: backlog - Description: Credentials stored in configuration files without encryption. Credentials Stored in Plain Text by Zephyr for JIRA Test Management Plugin - CVE: SECURITY-1550 / CVE-2020-2154 - Severity: Low - Affected Plugin: zephyr-for-jira-test-management - Description: Credentials stored in configuration files without encryption. Credentials Transmitted in Plain Text by OpenShift Deployer Plugin - CVE: SECURITY-1518 / CVE-2020-2155 - Severity: Low - Affected Plugin: openshift-deployer - Description: Credentials stored in configuration files without encryption. Credentials Transmitted in Plain Text by DeployHub Plugin - CVE: SECURITY-1511 / CVE-2020-2156 - Severity: Low - Affected Plugin: deployhub - Description: Credentials stored in configuration files without encryption. Credentials Transmitted in Plain Text by Skytap Cloud CI Plugin - CVE: SECURITY-1522 / CVE-2020-2157 - Severity: Low - Affected Plugin: skytap - Description: Credentials stored in configuration files without encryption. RCE Vulnerability in Lit

目標達成 すべての支援者に感謝 — 100%達成しました！

Jenkins Security Advisory: Sandbox Bypass, XXE, Stored XSS in Multiple Plugins

目標達成すべての支援者に感謝 — 100%達成しました！