Jenkins plugins Multiple Vulnerabilities (2025-01-22)

High | Nessus Plugin ID 214537

Synopsis

An application running on a remote web server host is affected by multiple vulnerabilities.

Description

According to their self-reported version numbers, the versions of the Jenkins plugins running on the remote web server are affected by multiple vulnerabilities:

- Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that differs only in letter case, potentially gaining administrator access to Jenkins. (CVE-2025-24399)

- Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with the legitimate credentials. (CVE-2025-24400)

- Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional) permissions, like Overall/Manage, to access functionality they're no longer entitled to. (CVE-2025-24401)

- A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credential IDs obtained through another method. (CVE-2025-24402)

- Cleartext storage of sensitive information in the Zoom Jenkins bot plugin before version 1.6 may allow an authenticated user to disclose that information over the network. Users can update to the latest version at https://plugins.jenkins.io/zoom/releases/. (CVE-2025-0142)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update Jenkins plugins to the following versions:
- Azure Service Fabric Plugin: See vendor advisory
- Bitbucket Server Integration Plugin to version 4.1.4 or later
- Eiffel Broadcaster Plugin to version 2.10.3 or later
- Folder-based Authorization Strategy Plugin: See vendor advisory
- GitLab Plugin to version 1.9.7 or later
- OpenId Connect Authentication Plugin to version 4.453.v4d7765c854f4 or later
- Zoom Plugin to version 1.4 / 1.6 or later

See vendor advisory for more details.

See Also

https://jenkins.io/security/advisory/2025-01-22

Plugin Details

Severity: High

ID: 214537

File Name: jenkins_security_advisory_2025-01-22_plugins.nasl

Version: 1.1

Type: combined

Agent: windows, macosx, unix

Family: CGI abuses

Published: 1/23/2025

Updated: 1/23/2025

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-24398

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2025-24399

Vulnerability Information

CPE: cpe:/a:jenkins:jenkins, cpe:/a:cloudbees:jenkins

Required KB Items: installed_sw/Jenkins

Exploit Ease: No known exploits are available

Patch Publication Date: 1/22/2025

Vulnerability Publication Date: 1/14/2025

Reference Information

CVE: CVE-2025-0142, CVE-2025-24397, CVE-2025-24398, CVE-2025-24399, CVE-2025-24400, CVE-2025-24401, CVE-2025-24402, CVE-2025-24403