# Jenkins Security Advisory 2023-05-16

## Description

This advisory reports a series of vulnerabilities in the following Jenkins plugins:

- Stored XSS Vulnerability in Pipeline: Job Plugin - Severity: High
- CSRF Vulnerability in LDAP Plugin - Severity: Medium
- Missing Permission Check in Email Extension Plugin - Severity: Medium
- Arbitrary File Write Vulnerability in Pipeline Utility Steps Plugin - Severity: Medium
- Secrets Stored and Displayed in Plain Text by Ansible Plugin - Severity: Medium
- Stored XSS Vulnerability in TestNG Results Plugin - Severity: High
- Path Traversal Vulnerability in Sidebar Link Plugin - Severity: Medium
- Arbitrary File Write Vulnerability in File Parameter Plugin - Severity: High
- CSRF Vulnerability in Reverse Proxy Auth Plugin - Severity: Medium
- Missing Permission Check in Azure VM Agents Plugin - Severity: Medium
- CSRF Vulnerability and Missing Permission Checks in Azure VM Agents Plugin - Severity: Medium
- CSRF Vulnerability and Missing Permission Checks in SAML Single Sign On (SSO) Plugin - Severity: High
- Missing Hostname Validation in SAML Single Sign On (SSO) Plugin - Severity: Medium
- SSL/TLS Certificate Validation Unconditionally Disabled by SAML Single Sign On (SSO) Plugin - Severity: Medium
- Missing Hostname Validation in SAML Single Sign On (SSO) Plugin - Severity: Medium
- Session Fixation Vulnerability in CAS Plugin - Severity: High
- CSRF Vulnerability and Missing Permission Checks in Code Dx Plugin - Severity: Medium
- Missing Permission Checks in Code Dx Plugin - Severity: Medium
- API Keys Stored and Displayed in Plain Text by Code Dx Plugin - Severity: Medium
- CSRF Vulnerability and Missing Permission Check in AppSpider Plugin - Severity: Medium
- Credentials Displayed Without Masking by NS-ND Integration Performance Publisher Plugin - Severity: Low
- Improper Masking of Credentials in HashiCorp Vault Plugin - Severity: Medium

## Fix

Update all affected plugins to the latest version. Fixes are available for all affected versions, except for plugins where specifically noted otherwise.