#auth

Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. As of publication of this advisory, there is no fix.

Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. As of publication of this advisory, there is no fix.

Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. As of publication of this advisory, there is no fix.

Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache. This allows attackers able to obtain information about the SAML authentication flow between a user’s web browser and Jenkins to replay those requests, authenticating to Jenkins as that user. SAML Plugin 4.583.585.v22ccc1139f55 implements a replay cache that rejects replayed requests.

Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. As of publication of this advisory, there is no fix.

Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. As of publication of this advisory, there is no fix.

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration. These token can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory, there is no fix.

Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. As of publication of this advisory, there is no fix.

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and earlier sets the Java system property `jdk.http.auth.tunneling.disabledSchemes` to an empty value as part of applying a proxy configuration. This disables a protection mechanism of the Java runtime addressing CVE-2016-5597. As of publication of this advisory, there is no fix.

Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to execute sandboxed Groovy code. As of publication of this advisory, there is no fix.