The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.8, 2.303.x prior to 2.303.30.0.7, or 2.x prior to 2.332.1.5. It is, therefore, affected by multiple vulnerabilities, including the following:

  - A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin     189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service     using an attacker-specified token. (CVE-2022-27198)

  - Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent     message to agents, and implements no limitations about the file path that can be parsed, allowing     attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities     for extraction of secrets from the Jenkins controller or server-side request forgery. (CVE-2022-27201)

  - A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c     and earlier allows attackers to connect to an attacker-specified URL. (CVE-2022-27204)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its their self-reported version number, the version of Jenkins plugins running on the remote web server are Jenkins CloudBees AWS Credentials Plugin prior to 191., Dashboard View Plugin prior to 2.18.1, Environment Dashboard Plugin 1.1.10 or earlier, Extended Choice Parameter Plugin 346. or earlier, Favorite Plugin prior to 2.4.1, Folder-based Authorization Strategy Plugin prior to 1.4, GitLab Authentication Plugin 1.13 or earlier, Kubernetes Continuous Deploy Plugin 2.3.1 or earlier, List Git Branches Parameter Plugin 0.0.9 or earlier, Parameterized Trigger Plugin prior to 2.43.1, Release Helper Plugin 1.3.3 or earlier, Semantic Versioning Plugin prior to 1.14, Vmware vRealize CodeStream Plugin 1.2 or earlier, dbCharts Plugin 0.5.2 or earlier, global-build-stats Plugin 1.5 or earlier, incapptic connect uploader Plugin 1.15 or earlier. They are, therefore, affected by multiple vulnerabilities:

  - Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds     triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their     `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the     Jenkins controller file system. (CVE-2022-27195)

  - Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column,     resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with     Item/Configure or Item/Create permissions. (CVE-2022-27196)

  - Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's     Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers     able to configure views. (CVE-2022-27197)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin     189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service     using an attacker-specified token. (CVE-2022-27198)

  - A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier     allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified     token. (CVE-2022-27199)

  - Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles     shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability     exploitable by attackers with Overall/Administer permission. (CVE-2022-27200)

  - Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent     message to agents, and implements no limitations about the file path that can be parsed, allowing     attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities     for extraction of secrets from the Jenkins controller or server-side request forgery. (CVE-2022-27201)

  - Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and     description of extended choice parameters of radio buttons or check boxes type, resulting in a stored     cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
    (CVE-2022-27202)

  - Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with     Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins     controller. (CVE-2022-27203)

  - A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c     and earlier allows attackers to connect to an attacker-specified URL. (CVE-2022-27204)

  - A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier     allows attackers with Overall/Read permission to connect to an attacker-specified URL. (CVE-2022-27205)

  - Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the     global config.xml file on the Jenkins controller where it can be viewed by users with access to the     Jenkins controller file system. (CVE-2022-27206)

  - Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart     configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS)     vulnerability exploitable by attackers with Overall/Administer permission. (CVE-2022-27207)

  - Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create     permission to read arbitrary files on the Jenkins controller. (CVE-2022-27208)

  - A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows     attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
    (CVE-2022-27209)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and     earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified     credentials IDs obtained through another method, capturing credentials stored in Jenkins. (CVE-2022-27210)

  - A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier     allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using     attacker-specified credentials IDs obtained through another method, capturing credentials stored in     Jenkins. (CVE-2022-27211)

  - Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git     branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable     by attackers with Item/Configure permission. (CVE-2022-27212)

  - Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the     Component order configuration values in its views, resulting in a stored cross-site scripting (XSS)     vulnerability exploitable by attackers with View/Configure permission. (CVE-2022-27213)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier     allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
    (CVE-2022-27214)

  - A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with     Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
    (CVE-2022-27215)

  - Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global     configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins     controller file system. (CVE-2022-27216)

  - Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml     files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access     to the Jenkins controller file system. (CVE-2022-27217)

  - Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml     files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access     to the Jenkins controller file system. (CVE-2022-27218)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
161441	Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.8 / 2.303.x < 2.303.30.0.7 / 2.332.1.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-03-15)	Nessus	CGI abuses	5/23/2022	6/4/2024	high
158977	Jenkins plugins Multiple Vulnerabilities (2022-03-15)	Nessus	CGI abuses	3/16/2022	6/5/2024	high

Detections

Analytics

Plugins Search

high

high