According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities:

  - Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command     parser that replaces an '@' character followed by a file path in an argument with the file's contents,     allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins     controller file system. (CVE-2024-23899)

  - Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of     multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any     config.xml files on the Jenkins controller file system with content not controllable by the attackers.
    (CVE-2024-23900)

  - Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects     that are shared with the configured owner group, allowing attackers to configure and share a project,     resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. (CVE-2024-23901)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin     684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. (CVE-2024-23902)

  - Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison     function when checking whether the provided and expected webhook token are equal, potentially allowing     attackers to use statistical methods to obtain a valid webhook token. (CVE-2024-23903)

  - Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be     affected by a security flaw, which was missing a permission check while performing a connectivity check to     Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to     utilize the plugin to configure a potential rouge endpoint via which it was possible to control response     for certain request which could be injected with XSS payloads leading to XSS while processing the response     data (CVE-2023-6148)

  - Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be     affected by a security flaw, which was missing a permission check while performing a connectivity check to     Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the     plugin and configure potential a rouge endpoint via which it was possible to control response for certain     request which could be injected with XXE payloads leading to XXE while processing the response data     (CVE-2023-6147)

  - Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-     Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers     for download. (CVE-2024-23905)

  - Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that     replaces an '@' character followed by a file path in an argument with the file's contents, allowing     unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system.
    (CVE-2024-23904)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Jenkins plugins Multiple Vulnerabilities (2024-01-24)

high Nessus Plugin ID 189462

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Oct 4, 2024, 1:49 AM Plugin metadata Plugin Feed: 202410040149
Version 1.2 Jun 5, 2024, 10:55 AM Required Scan configuration ("Enable cgi scanning" set to "True") Plugin Feed: 202406051055
Version 1.1 Jan 30, 2024, 3:19 PM CVSS metrics ("CVSSv2 score" set to 7.8. "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N". "CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N". "CVSSv3 score" set to 7.5) CVSSv2 score source (changed from "CVE-2023-6147" to "CVE-2024-23904") CVSSv2 severity (based on CVE-2024-23904, severity increased from "Medium" to "High") CVSSv3 severity (based on None, severity increased from "Medium" to "High") Plugin Feed: 202401301519
Version 1.0 Jan 24, 2024, 11:21 PM New Plugin Feed: 202401242321