The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.

CVE-2020-11738: Duplicator Changelog History – Snap Creek Software

Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.

**February 2, 2023**   
_Software version: 1956046040_

*   Improved performance and reliability of the system

**December 12, 2022**   
_Software version: 1955082050_

*   Improved performance and reliability of the system

**September 19, 2022**   
_Software version: 1953188020_

*   Moved to new MQTT-based cloud services to update Zigbee device software and improved connectivity to other cloud services. Other services that update the Hue Bridge’s software are no longer supported.

**August 22, 2022**   
_Software version: 1953090030_

*   Improved performance and reliability of the system

**July 25, 2022**  
_Software version: 1952154030_

*   Improved performance and reliability of the system

**June 27, 2022**   
_Software version: 1952086020_

*   Moved to new MQTT-based cloud services to update the Hue Bridge software
*   Improved connectivity to other cloud services

**June 23, 2022**  
_Software version: 1952086010_

*   Moved to new MQTT-based cloud services to update the Hue Bridge software
*   Improved connectivity to other cloud services

**June 13, 2022**   
_Software version: 1952043030_

*   Improved performance and reliability of the system 

**June 6, 2022**   
_Software version: 1951146040_

*   Improved performance and reliability of the system

**May 2, 2022**   
_Software version: 1951086030_

*   Improved performance and reliability of the system

**April 4, 2022**   
_Software version: 1950207110_

*   Improved performance and reliability of the system  
    

**March 14, 2022**_  
Software version: 1950111030_

*   Improved performance and reliability of the system  
    

**January 24, 2022**   
_Software version: 1949203030_

*   Improved performance and reliability of the system  
    

**January 3, 2022**   
_Software version 1949107040_

*   Improved performance and reliability of the system 
    

**November 1, 2021** _Software version 1948086000_

*   Improved performance and reliability of the system

**October 18, 2021**   
_Software version 1947108030_

*   Improved performance and reliability of the system

**October 1, 2021  
**_Software version 1947054060_

*   Resolves a problem that, in rare cases, resulted in an unresponsive Hue Bridge
*   Improved performance, security and reliability of the system

**September 13, 2021**  _Software version 1947054040_ 

*   Improved performance and reliability of the system   
    

**August 16, 2021** _Software update 1946157000 (Hue Bridge v2)_

This update includes the following:

*   Improved performance and reliability of the system
    

**July 19, 2021**   
_Software update 1946080020 (Hue Bridge v2)_

This update includes the following:

*   Improved performance and reliability of the system

**July 2, 2021**  
_Software update 1945163030 (Hue Bridge v2)_

This update includes the following:

*   Improved performance and reliability of the system

**May 21, 2021  
**_Software update 1945091050 (Hue Bridge v2)_

This update includes the following:

*   We proudly present the new Philips Hue app v4.0. Rebuilt from the ground up, the all-new Philips Hue app has been designed as the foundation for the future of smart lighting. This Bridge firmware-version supports the new technologies and improved performance of the new Hue app.  
    
*   Support for multiple Play gradient lightstrips in different Entertainment areas (requires Hue sync box firmware 1.7 or higher)
*   Improved performance and reliability of the system

**April 28, 2021  
**_Software update 1944193080 (Hue Bridge v2)_

This update includes the following:

*   Improved performance and reliability of the system  
    

**April 14, 2021  
**_Software update 1944102110 (Hue Bridge v2)_

This update includes the following:

*   Improved performance and reliability of the system

**March 12, 2021  
**_Firmware 1943185030 (Bridge v2)_

This update includes the following:

*   Improved performance and reliability of the system

**February 8, 2021  
**_Firmware 1943082030 (Bridge v2)_

This update includes the following:

*   Improved performance and reliability of the system

**January 7, 2021  
**_Firmware 1942135050 (Bridge v2)_

This update includes the following:

*   Updated time zone database, which allows the Hue Bridge to handle daylight saving time correctly around the globe
*   Improved performance and reliability of the system

**November 11, 2020  
**_Firmware 1941132070 (Bridge v2)_

This update includes the following:

*   Added support for Apple HomeKit Adaptive Lighting in the Hue Bridge _Note: This feature requires an Apple TV, HomePod, or iPad set up as a home hub._
*   Improved performance and reliability of the system

**September 30, 2020  
**_Firmware 1941056000_

This update includes the following:

*   Support for the Play gradient lightstrip and the Centris ceiling spot light
*   Improved performance and reliability of the system

**August 31, 2020  
**_Firmware 1940094000_

This update improves performance and reliability of the Philips Hue system. 

**August 3, 2020  
**_Firmware 1940042020_

This update includes the following:

*   Updated time zones that match Daylight Saving Time changes
*   Improved performance and reliability of the system

**June 22, 2020  
**_Firmware 01043155 (Bridge V1)_

With this update, the Hue Bridge v1 will not be supported any longer and continue to work only locally (without internet). This means the following: :

*   The Hue Bridge v1 will no longer receive updates, new features, or security patches.  
*   Away-from-home control and Home & Away will no longer be supported. 
*   Cloud-based voice control will no longer be supported. 
*   Login functionality for your Hue account — which gives you remote access to your lights — will be disabled. 
*   Third-party and partner functionalities, such as Google Voice and IFTTT, that are controlled via the cloud are no longer supported.

For more information, go to www.philips-hue.com/endofsupportpolicy

**June 8, 2020  
**_Firmware 1939070020 (Bridge V2)_

This update includes the following:

*   Resolved an issue where some new Hue Tap switches could not be added to the Hue Bridge
*   Resolved an issue where Apple HomeKit incorrectly alerted that there were software updates available
*   Updated time zones to match Daylight Saving Time changes
*   Removed the version name of the operating system from the Hue Bridge discovery message
*   Improved performance and reliability of the system

**May 11, 2020  
**_Firmware 1938112040 (Bridge V2)_

This update provides the following:

*   Improved performance and reliability of the system
*   Improved mDNS compatibility

**April 15, 2020  
**_Firmware 1938052050, 1938052051, 1938052060, 1938052061, 1938052070, 1938052071 (Bridge V2)_

We regularly update your Hue Bridge to improve the performance and reliability of the system.

*   Improved the way your Hue Bridge handles firmware updates

**March 16, 2020  
**_Firmware 1937113020 (Bridge V2)_

*   Updated the time zones to match Daylight Saving Time changes

**February 24, 2020  
**_Firmware 19370450000 (Bridge V2)_

We regularly update your Hue Bridge to improve the performance and reliability of the system.

*   Added support for HTTP/2
*   Fixed an issue that could unintentionally restart the Hue Bridge
*   Updated the time zones to match Daylight Saving Time changes
*   Improved deep dimming behavior for older lights
*   Changed the manufacturer name to Signify in HomeKit
*   Improved reliability and security of the Hue Bridge

**January 13, 2020**  
_Firmware 1935144040 (Bridge V2)_

*   We regularly update your Hue Bridge to improve the performance and reliability of the system.
*   This update includes a patch for a security vulnerability in the Hue Bridge v2

**November 28, 2019**  
_Firmware 01043064 (Bridge V1)_

*   Your Bridge v1 now has updated time zone tables.

**November 18, 2019**  
_Firmware 1935144020 (Bridge V2)_

*   We regularly update your Hue Bridge to improve the performance and reliability of your Hue system.

**October 14, 2019**  
_Firmware 1935074050 (Bridge V2)_

*   Improved the performance of your Hue lights when using the Philips Hue Play HDMI Sync Box — Hue Entertainment is now faster than before!
*   Fixed an issue related to the internal time of your Hue Bridge, which caused erratic behavior in some automated light routines

**September 30, 2019**  
_Firmware \_1934129020 (Bridge V2)_

*   A rare issue that prevented the Wake up from activating correctly
*   An issue that affected the timing of automated light routines
*   We also added a Christmas tree icon for the new Smart plug — just in time for Christmas!

**September 9, 2019**  
_Firmware 1934058060 (Bridge V2)_

*   We have made an improvement that results in longer battery lifetime of battery powered switches.
*   We have resolved a bug which caused the wake-up routines from working properly in some cases.

**August 20, 2019**  
_Firmware 1933144020 (Bridge V2)_

*   We have improved the performance of Hue Entertainment when all used lights are in range of the Hue Bridge.
*   For our developers: We have changed the advertised manufacturer name- and URL on UPnP from Philips Lighting to Signify.

**July 22, 2019**  
_Firmware 1933087030 (Bridge V2)_

*   We have fixed an issue in the Hue Bridge that sometimes the Out-of-Home connection was not working anymore in the Hue mobile app. Sorry to all Hue-lovers that suffered from that.
*   We have improved the way we select a proxy-light in your Entertainment-area to get the best possible performance during light syncing.
*   We have improved the security of your Hue Bridge by moving to a new version of the Linux-kernel.

**June 24, 2019**  
_Firmware 1932126170 (Bridge V2)_

*   We have made some big changes in the Hue Bridge filesystem resulting in better performance. This enables some exciting new features coming up!
*   We implemented improvements in the Hue Bridge so cloud-integrations (i.e. Amazon Alexa and Google Assistant) work more reliable in the future.
*   We improved the reliability of Hue Tap and Friends of Hue Switches, solving an issue where lights would sometimes fail to respond to commands
*   We resolved an issue that lights were wrongly indicated as not supporting Power-on Behaviour in the mobile App although they had that capability before. Thanks for reaching out to us for this issue!

**May 27, 2019**  
_Firmware 1932073040 (Bridge V2):_

*   We have added support in the Bridge for the new Lutron Aurora rotary switch to dim your Philips Hue lights (available in US and Canada only).
*   We have improved support in the Bridge to support Zones. Now you can group your lights in a more flexible way using the Philips Hue mobile app. (Note: this feature is still in Beta).
*   We have resolved a problem in the Bridge that sometimes caused a problem when adding new lights.
*   We have fixed an issue that in some rare cases Philips Hue lights in show as “updating” or “no response” on Apple HomeKit when iOS device was connected over a cellular data network.

**April 24, 2019**  
_Firmware 1931140050_

*   We fixed an issue that in some situations Apple iOS-devices had shorter battery-life when HomeKit was paired with the Hue Bridge.
*   We fixed an issue that some specific Hue Luminaires became unreachable in the Hue mobile app.
*   We fixed an issue on our CLIP-Interface that sometimes an unexpected error message was returned when deleting a Scene.
*   We made the configuration of Power-on Behavior more reliable.
*   We resolved a problem in the Bridge that in some situations a Hue Dimmer Switch could not be added to the Bridge if it was already added before.
*   Besides these noteworthy things, we have fixed a lot of other small things that will make the Hue Bridge more reliable and safer.

**April 2, 2019**  
_Firmware 1931069120 (Bridge V2):_

*   Fixed a problem with Daylight Saving Time (DST) in Ireland that caused light-schedules to trigger at incorrect times. Big apologies to all the people in Ireland suffering from this problem.
*   Fixed a problem that sometimes the communication with the lights was not fully reliable.
*   Fixed a problem that sometimes a software update for a Hue device was displayed in “transferring”-mode forever in the Hue mobile app.
*   Fixed a problem that in some cases the Power-On behavior was not correctly picked-up by the light or did change “spontaneously” over time after configuration in the Hue mobile app.
*   For better security we slightly changed the way apps connect to your Hue Bridge.
*   We fixed an issue that for a limited number of people the Hue Bridge caused a crash of the mobile App when trying to set the home location or to create sunrise- or sunset routines.
*   Besides these, we have fixed a lot of other small things that will make the Hue Bridge more reliable.

**February 7, 2019**  
_Firmware 1901181309 (Bridge V2):_

*   This version includes several bug fixes and performance improvements. 
*   We have also fixed an issue that sometimes a light could not be configured for Power-On Behavior although the software of the light was successfully updated.

**January 8, 2019**  
_Firmware 1811120916 (Bridge V2):_

We update the Hue Bridge firmware regularly to continuously improve your Hue system and your lighting experience.

This version includes several bug fixes and performance improvements:

*   Improved the connection of the Hue Bridge to the cloud
*   Fixed an issue about the date when a lamp was software updated did not show up correctly in the Hue mobile app.
*   Fixed an issue when sometimes lights didn’t change simultaneously when a scene was recalled from the Hue mobile app.
*   Fixed an issue when if the Hue Bridge was configured for HomeKit without the Hue mobile app that lights became unresponsive in HomeKit.

**October 3, 2018**  
_Firmware 1809121051 (Bridge V2)_ 

*    Hotfix to resolve some connectivity changes to cloud   

**September 6, 2018**  
_Firmware 1808300701 (Bridge V2)_

*   Connectivity changes to cloud
*   Various stability and performance improvements

**June 28, 2018**  
_Firmware 1806051111 (Bridge V2)_ 

*   Beta release of HTTPS connection on the bridge and SDK
*   Various stability and performance improvements

**May 15, 2018**  
_Firmware 1804201116 (Bridge V2)_

(only released in NL, GB and CAN)

*   Beta release of HTTPS connection on the bridge and SDK
*   Various stability and performance improvements

**Mar 19, 2018**  
_Firmware 1802201122 (Bridge V2)_   

*   Various stability and performance improvements

**Feb 5, 2018**  
_Firmware 1801260942 (Bridge V2)_

*   Increased capacity for rules, conditions, and actions
*   Support for Zigbee 3.0 capable lights
*   Various stability and performance improvements

_Firmware 01041302 (Bridge V1)_

*   Support for Zigbee 3.0 capable lights
*   Various stability and performance improvements

**Nov 27, 2017**  
_Firmware 1711151408 (Bridge V2)_  

*   Supports entertainment capability
*   Better discovery of bridge in networks with Wi-Fi mesh routers
*   Other stability and other performance improvements

**Oct 2, 2017**  
_Firmware 1709131301 (Bridge V2)_

*   Support for sensors and switches on HomeKit
*   Stability and other performance improvements

**July 31, 2017**  
_Firmware 1707040932 (Bridge V2):_

*   Stability and other performance improvements

**Jun 14, 2017**  
_Firmware 1705121051 (bridge V2):_

*   Stability and other performance improvements

**Apr 12, 2017**  
_Firmware 01038802 (bridge V1):_

*   Stability and other performance improvements  
    

**Apr 11, 2017**  
_Firmware 01039019 (bridge V2):_

*   Stability and other performance improvements  
    

**Feb 20, 2017**  
_Firmware 01038390 (bridge V2):_

*   Performance and reliability improvements between bridge and the cloud
*   Stability and other performance improvements

**Nov 28, 2016**  
_Firmware 01036659 (bridge V1 & V2):_

*   Stability and performance improvements

**Oct 25, 2016**  
_Firmware 01036562 (bridge V1 & V2):_

*   Resolved issues related to commissioning of some third party bulbs
*   Stability and performance improvements

**Sept 19, 2016**  
_Firmware 01035934 (Bridge V1 & V2):_

*   Support for Hue motion sensors
*   Support for Hue connected luminaires
*   Support for Hue white ambiance GU10 and BR30
*   Doubled rule capacity to allow more connected Hue accessories
*   Stability and performance improvements

**July 25, 2016**  
_Firmware: Bridge V1; 01033978 Bridge V2; 01033989_

*   Stability and performance improvements

**May 20, 2016**  
_Firmware 01033370 (Bridge V1 & V2):_

*   Support for White Ambiance proposition

**April 18, 2016**  
_Firmware 01032318 (Bridge V1 & V2):_

*   Improved authentication process for all apps. Note that this may have impact on all mobile apps working with the hue system. See the support pages for more information.
*   Stability and performance improvements

**March 1, 2016**  
_Firmware 01031131 (Bridge V1 & V2):_

*   Color Temperature is now ANSI (American National Standards Institute) compliant.
*   Improved support for legacy products in scenes. Note this may require you to delete the light from your bridge and then re-add it
*   Stability and performance improvements

**Dec 21, 2015**  
_Firmware 01030262 (Bridge V1 & V2):_

*   Roll back of changes restricting addition of new lights from other brands.
*   Roll back of changes to handling of scenes for lights from other brands.

**Dec 15, 2015**  
_Firmware 01030262 (Bridge V1 & V2):_

*   Support for rooms
*   Improve scene sharing
*   Support to remove the HomeKit pairing from the bridge.
*   Added support for transferring your settings to the newly available Hue bridge. Simply plug in your new bridge in addition to your current one and you will be guided through the transfer
*   Stability and performance improvements

**Dec 1, 2015**  
_Firmware 01029624 (Bridge V1 & V2):_

*   Support for rooms
*   Improve scene sharing
*   Support to remove the HomeKit pairing from the bridge.
*   Stability and performance improvements

**Oct 10, 2015**  
_Firmware 01028090 (Bridge V2):_

*   Support for HomeKit on the new square-shaped Philips Hue bridge
*   Support to transfer settings from the old round-shaped Philips Hue bridge to the new square-shaped Philips hue bridge
*   Stability and performance improvements

**June 22, 2015**  
_Firmware 01024156 (Bridge V1):_

*   Support for the Philips Hue wireless dimming kit
*   Support for the Philips Hue LightStrip plus
*   Stability and performance improvements

**March 26, 2015**  
_Firmware 01023599 (Bridge V1):_

*   Support for the app feature “Delete light & devices”.
*   Support for the hue phoenix.
*   Stability and performance improvements

**Dec 17, 2014**  
_Firmware 01018228 (Bridge V1):_

*   Improve hue tap commissioning
*   Stability and performance improvements

**Oct 16, 2014**  
_Firmware 01016441 (Bridge V1):_

*   Support for hue Beyond luminaire
*   Support for hue 3D luminaire
*   Stability and performance improvements

CVE-2020-6007: Philips Hue Support - Release Notes Hue Bridge | Philips Hue US

The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.

**Exploiting WP Database Backup WordPress Plugin**

This repo will be describe how to exploit WP Database Backup WordPress Plugin versions <=5.5

*   I published this CVE-2020-7241

**About WP Database Backup WordPress Plugin**

WP Database Backup plugin helps you to create Database Backup and Restore Database Backup easily on single click. Manual or Automated Database Backups And also store database backup on safe place- Dropbox,FTP,Email,Google drive, Amazon S3.

More info here

**PoC - Download Database backup**

This PoC is hosted here

![bkp0](https://camo.githubusercontent.com/b40cd4d85ba72e554c7862f8fba9f2b2700ffb833a64cdd11babb3e1a5e29f0d/687474703a2f2f63696265722e73656a616c697672652e6f72672f57502f626b70302e706e67)

![bkp1](https://camo.githubusercontent.com/bb0a81d1fc05d7b8988aa54bc0122de359d70021a32df3b3a98326568a3a266e/687474703a2f2f63696265722e73656a616c697672652e6f72672f57502f626b70312e706e67)

This plugin stores downloads by default locally in the directory `wp-content/uploads/db-backup/` with this syntax:

    [Site_Title]_[Date with EPOC]_[7 characters random ID]_wpdb.zip
    

This directory exposes the backup file to an unauthorized sphere of control (CWE-530) and backup files can be downloaded by unauthorized people in this way:

    curl -O https://poc.sejalivre.org/wp-content/uploads/db-backup/My_Blog_2020_01_20_1579532189_396c2cd_wpdb.zip
    

For example, to list the files in the directory, you can use **Bash Brace Expansion** like this:

    wget https://poc.sejalivre.org/wp-content/uploads/db-backup/My_Blog_2020_{0..1}{0..2}_{0..3}{0..9}_1579532189_396c2cd_wpdb.zip
    

Wildcard is not supported over HTTP, however you can use bash brace expansion to guess the files in the directory.

This is a piece of the sql downloaded:

![bkp3](https://camo.githubusercontent.com/9c8d39edece2968dfa67dc8c2e0d967375fd227f2320616e2a778c22fc84d835/687474703a2f2f63696265722e73656a616c697672652e6f72672f57502f626b70332e706e67)

CVE-2020-7241: Exploiting-WP-Database-Backup-WordPress-Plugin/README.md at master · V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin

A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.

This advisory announces vulnerabilities in the following Jenkins deliverables:

*   Amazon EC2 Plugin
*   gitlab-hook Plugin
*   Health Advisor by CloudBees Plugin
*   Redgate SQL Change Automation Plugin
*   Robot Framework Plugin
*   Sounds Plugin

**Descriptions****CSRF vulnerability and missing permission checks in Amazon EC2 Plugin**

**SECURITY-1004 / CVE-2020-2090 (CSRF), CVE-2020-2091 (missing permission check)**

Amazon EC2 Plugin 1.47 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

This vulnerability might also allow attackers to capture credentials stored in Jenkins. We have not been able to confirm that this is possible.

Additionally, these form validation methods do not require POST requests, resulting in a CSRF vulnerability.

Amazon EC2 Plugin 1.48 requires POST requests and Overall/Administer permission for the affected form validation methods.

**XXE vulnerability in Robot Framework Plugin**

**SECURITY-1698 / CVE-2020-2092**

Robot Framework Plugin 2.0.0 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.

This allows a user able to control the input files for the 'Publish Robot Framework' post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller, server-side request forgery, or denial-of-service attacks.

Robot Framework Plugin 2.0.1 disables external entity resolution for its XML parser.

**CSRF vulnerability and missing permission checks in Health Advisor by CloudBees Plugin**

**SECURITY-1708 / CVE-2020-2093 (CSRF), CVE-2020-2094 (missing permission check)**

Health Advisor by CloudBees Plugin 3.0 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to send an email with fixed content to an attacker-specified recipient.

Additionally, these form validation methods do not require POST requests, resulting in a CSRF vulnerability.

Health Advisor by CloudBees Plugin 3.0.1 requires POST requests and Overall/Administer permission for the affected form validation methods.

**Redgate SQL Change Automation Plugin stored credentials in plain text**

**SECURITY-1696 / CVE-2020-2095**

Redgate SQL Change Automation Plugin 2.0.4 and earlier stores a NuGet API key unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system.

Redgate SQL Change Automation Plugin 2.0.5 now stores the API key encrypted. Existing jobs need to have their configuration saved for existing plain text passwords to be overwritten.

**Reflected XSS vulnerability in gitlab-hook Plugin**

**SECURITY-1683 / CVE-2020-2096**

gitlab-hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint. This results in a reflected cross-site scripting vulnerability.

As of publication of this advisory, there is no fix.

**CSRF vulnerability and missing permission checks in Sounds Plugin allow OS command execution**

**SECURITY-814 / CVE-2020-2097 (permission check), CVE-2020-2098 (CSRF)**

Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation. This allows attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins.

Additionally, these form validation URLs do not require POST requests, resulting in a CSRF vulnerability.

As of publication of this advisory, there is no fix.

**Severity**

*   SECURITY-814: High
*   SECURITY-1004: Low
*   SECURITY-1683: Medium
*   SECURITY-1696: Medium
*   SECURITY-1698: High
*   SECURITY-1708: Medium

**Affected Versions**

*   **Amazon EC2 Plugin** up to and including 1.47
*   **gitlab-hook Plugin** up to and including 1.4.2
*   **Health Advisor by CloudBees Plugin** up to and including 3.0
*   **Redgate SQL Change Automation Plugin** up to and including 2.0.4
*   **Robot Framework Plugin** up to and including 2.0.0
*   **Sounds Plugin** up to and including 0.5

**Fix**

*   **Amazon EC2 Plugin** should be updated to version 1.48
*   **Health Advisor by CloudBees Plugin** should be updated to version 3.0.1
*   **Redgate SQL Change Automation Plugin** should be updated to version 2.0.5
*   **Robot Framework Plugin** should be updated to version 2.0.1

These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated.

As of publication of this advisory, no fixes are available for the following plugins:

*   gitlab-hook Plugin
*   Sounds Plugin

**Credit**

The Jenkins project would like to thank the reporters for discovering and reporting these vulnerabilities:

*   **Ai Ho (@j3ssiejjj)** for SECURITY-1683
*   **Federico Pellegrin** for SECURITY-1698
*   **Oleg Nenashev, CloudBees, Inc.** for SECURITY-1004
*   **Thomas de Grenier de Latour** for SECURITY-814
*   **Wadeck Follonier, CloudBees, Inc.** for SECURITY-1696

CVE-2020-2094: Jenkins Security Advisory 2020-01-15

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

CVE-2020-2091: Jenkins Security Advisory 2020-01-15

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.

This advisory announces vulnerabilities in the following Jenkins deliverables:

*   Amazon EC2 Plugin
*   gitlab-hook Plugin
*   Health Advisor by CloudBees Plugin
*   Redgate SQL Change Automation Plugin
*   Robot Framework Plugin
*   Sounds Plugin

**Descriptions****CSRF vulnerability and missing permission checks in Amazon EC2 Plugin**

**SECURITY-1004 / CVE-2020-2090 (CSRF), CVE-2020-2091 (missing permission check)**  
**Severity (CVSS):** Low  
**Affected plugin: ec2**  
**Description:**

Amazon EC2 Plugin 1.47 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

This vulnerability might also allow attackers to capture credentials stored in Jenkins. We have not been able to confirm that this is possible.

Additionally, these form validation methods do not require POST requests, resulting in a CSRF vulnerability.

Amazon EC2 Plugin 1.48 requires POST requests and Overall/Administer permission for the affected form validation methods.

**XXE vulnerability in Robot Framework Plugin**

**SECURITY-1698 / CVE-2020-2092**  
**Severity (CVSS):** High  
**Affected plugin: robot**  
**Description:**

Robot Framework Plugin 2.0.0 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.

This allows a user able to control the input files for the 'Publish Robot Framework' post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller, server-side request forgery, or denial-of-service attacks.

Robot Framework Plugin 2.0.1 disables external entity resolution for its XML parser.

**CSRF vulnerability and missing permission checks in Health Advisor by CloudBees Plugin**

**SECURITY-1708 / CVE-2020-2093 (CSRF), CVE-2020-2094 (missing permission check)**  
**Severity (CVSS):** Medium  
**Affected plugin: cloudbees-jenkins-advisor**  
**Description:**

Health Advisor by CloudBees Plugin 3.0 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to send an email with fixed content to an attacker-specified recipient.

Additionally, these form validation methods do not require POST requests, resulting in a CSRF vulnerability.

Health Advisor by CloudBees Plugin 3.0.1 requires POST requests and Overall/Administer permission for the affected form validation methods.

**Redgate SQL Change Automation Plugin stored credentials in plain text**

**SECURITY-1696 / CVE-2020-2095**  
**Severity (CVSS):** Medium  
**Affected plugin: redgate-sql-ci**  
**Description:**

Redgate SQL Change Automation Plugin 2.0.4 and earlier stores a NuGet API key unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system.

Redgate SQL Change Automation Plugin 2.0.5 now stores the API key encrypted. Existing jobs need to have their configuration saved for existing plain text passwords to be overwritten.

**Reflected XSS vulnerability in gitlab-hook Plugin**

**SECURITY-1683 / CVE-2020-2096**  
**Severity (CVSS):** Medium  
**Affected plugin: gitlab-hook**  
**Description:**

gitlab-hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint. This results in a reflected cross-site scripting vulnerability.

As of publication of this advisory, there is no fix.

**CSRF vulnerability and missing permission checks in Sounds Plugin allow OS command execution**

**SECURITY-814 / CVE-2020-2097 (permission check), CVE-2020-2098 (CSRF)**  
**Severity (CVSS):** High  
**Affected plugin: sounds**  
**Description:**

Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation. This allows attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins.

Additionally, these form validation URLs do not require POST requests, resulting in a CSRF vulnerability.

As of publication of this advisory, there is no fix.

**Severity**

*   SECURITY-814: High
*   SECURITY-1004: Low
*   SECURITY-1683: Medium
*   SECURITY-1696: Medium
*   SECURITY-1698: High
*   SECURITY-1708: Medium

**Affected Versions**

*   **Amazon EC2 Plugin** up to and including 1.47
*   **gitlab-hook Plugin** up to and including 1.4.2
*   **Health Advisor by CloudBees Plugin** up to and including 3.0
*   **Redgate SQL Change Automation Plugin** up to and including 2.0.4
*   **Robot Framework Plugin** up to and including 2.0.0
*   **Sounds Plugin** up to and including 0.5

**Fix**

*   **Amazon EC2 Plugin** should be updated to version 1.48
*   **Health Advisor by CloudBees Plugin** should be updated to version 3.0.1
*   **Redgate SQL Change Automation Plugin** should be updated to version 2.0.5
*   **Robot Framework Plugin** should be updated to version 2.0.1

These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated.

As of publication of this advisory, no fixes are available for the following plugins:

*   gitlab-hook Plugin
*   Sounds Plugin

Learn why we announce these issues.

**Credit**

The Jenkins project would like to thank the reporters for discovering and reporting these vulnerabilities:

*   **Ai Ho (@j3ssiejjj)** for SECURITY-1683
*   **Federico Pellegrin** for SECURITY-1698
*   **Oleg Nenashev, CloudBees, Inc.** for SECURITY-1004
*   **Thomas de Grenier de Latour** for SECURITY-814
*   **Wadeck Follonier, CloudBees, Inc.** for SECURITY-1696

CVE-2020-2096: Jenkins Security Advisory 2020-01-15

Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.

CVE-2019-19650: Release Notes - New features

Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

\[<prev\] \[next>\] \[thread-next>\] \[day\] \[month\] \[year\] \[list\]

Date: Tue, 10 Dec 2019 11:30:58 +1100
From: <sandreim@...zon.com>
To: <oss-security@...ts.openwall.com>
CC: "Anthony Liguori (aliguori)" <aliguori@...zon.com>
Subject: CVE-2019-18960: Firecracker v0.18.0 and v0.19.0 vsock buffer overflow

We have identified an issue in the Firecracker v0.18.0 and v0.19.0 vsock
implementation.

# Issue Description

A logical error in bounds checking performed on vsock virtio descriptors
can be used by a malicious guest to read from and write to a segment of
the host-side Firecracker process' heap address space, directly after
the end of a guest memory region. For reads, the accessible segment's
size is 64 KiB. For writes, the accessible segment is limited by the
host Linux kernel to a size defined in /proc/sys/net/core/rmem\_max. We
expect the value of rmem\_max to be on the order of a few hundred KiB to
a few MiB.

# Impact

This will generally result in a segmentation fault, but remote code
execution within the Firecracker host-side process context cannot be
ruled out.

# Vulnerable Systems

Only Firecracker v0.18.0 and v0.19.0 are affected. Only Firecracker
microVMs with configured vsock devices are affected, and only if one or
more vsock devices are in active use by both host and guest.

# Mitigation

Patched binaries for the affected versions have been released as
Firecracker v0.18.1 \[1\] and Firecracker v0.19.1 \[2\].
If you are using Firecracker v0.18.0 or v0.19.0 , we recommend you apply
the provided fix. If you are using Firecracker v0.17.0 or below, you do
not need to take any action.
In a remote code execution scenario, users running Firecracker in line
with the recommended Production Host Setup will see the impact limited
as follows: a malicious microVM guest that would manage to compromise
the Firecracker VMM process would be restricted to running on the host
as an unprivileged user, in a chroot and mount namespace isolated from
the host's filesystem, in a separate pid namespace, in a separate
network namespace, with system calls limited to Firecracker's seccomp
whitelist, on a single NUMA node, and on a cgroups-limited number of CPU
cores.

\[1\] https://github.com/firecracker-microvm/firecracker/releases/tag/v0.18.1
\[2\] https://github.com/firecracker-microvm/firecracker/releases/tag/v0.19.1

Best Regards,
Andrei on behalf of the Firecracker maintainers team.




Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar Street, UBC5, floor 2, Iasi, Iasi County, 700045, Romania. Registered in Romania. Registration number J22/2621/2005.

**Download attachment "**pEpkey.asc**" of type "**application/pgp-keys**" (2465 bytes)**

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

CVE-2019-18960: security - CVE-2019-18960: Firecracker v0.18.0 and v0.19.0 vsock buffer overflow

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.

CVE-2019-19527

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

Tag

#amazon