Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1.

This advisory announces vulnerabilities in the following Jenkins deliverables:

*   Google Compute Engine Plugin
*   Jira Plugin
*   MATLAB Plugin
*   NeuVector Vulnerability Scanner Plugin

**Descriptions****Exposure of system-scoped credentials in Jira Plugin**

**SECURITY-3225 / CVE-2023-49653**  
**Severity (CVSS):** Medium  
**Affected plugin: jira**  
**Description:**

Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped credentials otherwise reserved for the global configuration.

This allows attackers with Item/Configure permission to access and capture credentials they are not entitled to.

Jira Plugin 3.12 defines the appropriate context for credentials lookup.

**Incorrect permission checks in Google Compute Engine Plugin**

**SECURITY-2835 / CVE-2023-49652**  
**Severity (CVSS):** Medium  
**Affected plugin: google-compute-engine**  
**Description:**

Google Compute Engine Plugin 4.550.vb\_327fca\_3db\_11 and earlier does not correctly perform permission checks in multiple HTTP endpoints. This allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to do the following:

*   Enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.
    
*   Connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects.
    

Google Compute Engine Plugin 4.551.v5a\_4dc98f6962 requires Overall/Administer permission for the affected HTTP endpoints.

**CSRF vulnerabilities and missing permission checks in MATLAB Plugin allow XXE**

**SECURITY-3193 / CVE-2023-49654 (permission checks), CVE-2023-49655 (CSRF), CVE-2023-49656 (XXE)**  
**Severity (CVSS):** High  
**Affected plugin: matlab**  
**Description:**

MATLAB Plugin determines whether a user-specified directory on the Jenkins controller is the location of a MATLAB installation by parsing an XML file in that directory.

MATLAB Plugin 2.11.0 and earlier does not perform permission checks in several HTTP endpoints implementing related form validation.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Additionally, the plugin does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to create files on the Jenkins controller file system to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

MATLAB Plugin 2.11.1 configures its XML parser to prevent XML external entity (XXE) attacks.

Additionally, POST requests and Item/Configure permission are required for the affected HTTP endpoints.

**CSRF vulnerability and missing permission checks in NeuVector Vulnerability Scanner Plugin**

**SECURITY-3256 / CVE-2023-49673 (CSRF), CVE-2023-49674 (missing permission check)**  
**Severity (CVSS):** Medium  
**Affected plugin: neuvector-vulnerability-scanner**  
**Description:**

NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

NeuVector Vulnerability Scanner Plugin 2.2 requires POST requests and Overall/Administer permission for the affected HTTP endpoint.

**Severity**

*   SECURITY-2835: Medium
*   SECURITY-3193: High
*   SECURITY-3225: Medium
*   SECURITY-3256: Medium

**Affected Versions**

*   **Google Compute Engine Plugin** up to and including 4.550.vb\_327fca\_3db\_11
*   **Jira Plugin** up to and including 3.11
*   **MATLAB Plugin** up to and including 2.11.0
*   **NeuVector Vulnerability Scanner Plugin** up to and including 1.22

**Fix**

*   **Google Compute Engine Plugin** should be updated to version 4.551.v5a\_4dc98f6962
*   **Jira Plugin** should be updated to version 3.12
*   **MATLAB Plugin** should be updated to version 2.11.1
*   **NeuVector Vulnerability Scanner Plugin** should be updated to version 2.2

These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated.

**Credit**

The Jenkins project would like to thank the reporters for discovering and reporting these vulnerabilities:

*   **Andrea Chiera, CloudBees, Inc.** for SECURITY-3193, SECURITY-3225
*   **James Nord, CloudBees, Inc.** for SECURITY-2835
*   **Yaroslav Afenkin, CloudBees, Inc.** for SECURITY-3256

CVE-2023-49652: Jenkins Security Advisory 2023-11-29

Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.

CVE-2023-49653: Jenkins Security Advisory 2023-11-29

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

CVE-2023-49674: Jenkins Security Advisory 2023-11-29

Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2023-49656: Jenkins Security Advisory 2023-11-29


A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data



CVE-2023-6070

Anyscale has dismissed the vulnerabilities as non-issues, according to researchers who reported the bugs to the company.

Source: Ken stocker via Shutterstock

Organizations using Ray, the open source framework for scaling artificial intelligence and machine learning workloads, are exposed to attacks via a trio of as yet unpatched vulnerabilities in the technology, researchers said this week.

**Potentially Heavy Damage**

The vulnerabilities give attackers a way to, among other things, gain operating system access to all nodes in a Ray cluster, enable remote code execution, and escalate privileges. The flaws present a threat to organizations that expose their Ray instances to the Internet or even a local network.

Researchers from Bishop Fox discovered the vulnerabilities and reported them to Anyscale — which sells a fully managed version of the technology — in August. Researchers from security vendor Protect AI also privately reported two of the same vulnerabilities to Anyscale previously.

But so far, Anyscale has not addressed the flaws, says Berenice Flores Garcia, senior security consultant at Bishop Fox. "Their position is that the vulnerabilities are irrelevant because Ray is not intended for use outside of a strictly controlled network environment and claims to have this stated in their documentation," Garcia says.

Anyscale did not immediately respond to a Dark Reading request for comment.

Ray is a technology that organizations can use to distribute the execution of complex, infrastructure-intensive AI and machine learning workloads. Many large organizations (including OpenAI, Spotify, Uber, Netflix, and Instacart) currently use the technology for building scalable new AI and machine learning applications. Amazon's AWS has integrated Ray into many of its cloud services and has positioned it as technology that organizations can use to accelerate the scaling of AI and ML apps.

**Easy to Find and Exploit**

The vulnerabilities that Bishop Fox reported to Anyscale pertain to improper authentication and input validation in Ray Dashboard, Ray Client, and potentially other components. The vulnerabilities affect Ray versions 2.6.3 and 2.8.0 and allow attackers a way to obtain any data, scripts, or files stored in a Ray cluster. "If the Ray framework is installed in the cloud (i.e., AWS), it is possible to retrieve highly privileged IAM credentials that allow privilege escalation," Bishop Fox said in its report.

The three vulnerabilities that Bishop Fox reported to Anyscale are CVE-2023-48023, a remote code execution (RCE) vulnerability tied to missing authentication for a critical function; CVE-2023-48022, a server-side request forgery vulnerability in the Ray Dashboard API that enables RCE; and CVE-2023-6021, an insecure input validation error that also enables a remote attacker to execute malicious code on an affected system.

Bishop Fox's report on the three vulnerabilities included details on how an attacker could potentially exploit the flaws to execute arbitrary code.

The vulnerabilities are easy to exploit, and attackers do not require a high level of technical skills to take advantage of them, Garcia says. "An attacker only requires remote access to the vulnerable component ports — ports 8265 and 10001 by default — from the Internet or from a local network," and some basic Python knowledge, she says.

"The vulnerable components are very easy to find if the Ray Dashboard UI is exposed. This is the gate to exploit the three vulnerabilities included in the advisory," she adds. According to Garcia, if the Ray Dashboard is not detected, a more specific fingerprint of the service ports would be required to identify the vulnerable ports. "Once the vulnerable components are identified, they are very easy to exploit following the steps from the advisory," Garcia says.

Bishop Fox's advisory shows how an attacker could exploit the vulnerabilities to obtain a private key and highly privileged credentials from an AWS cloud account where Ray is installed. But the flaws affect all organizations that expose the software to the Internet or local network.

**Controlled Network Environment**

Though Anycase did not respond to Dark Reading, the company's documentation states the need for organizations to deploy Ray clusters in a controlled network environment. "Ray expects to run in a safe network environment and to act upon trusted code," the documentation states. It mentions the need for organizations to ensure that network traffic between Ray components happens in an isolated environment and to have strict network controls and authentication mechanisms when accessing additional services.

"Ray faithfully executes code that is passed to it — Ray doesn’t differentiate between a tuning experiment, a rootkit install, or an S3 bucket inspection," the company noted. "Ray developers are responsible for building their applications with this understanding in mind."

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads

Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment

CVE-2023-48023: Ray, Versions 2.6.3, 2.8.0

Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.

CVE-2023-4222: Security issues - Chamilo LMS

Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

CVE-2023-4226: Security issues - Chamilo LMS

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.

Tag

#ssrf