Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to Jenkins project - Jenkins 360 FireLine Plugin

cve-2019-10466

Vulnerability from cvelistv5

Published

2019-10-23 12:45

Modified

2024-08-04 22:24

Severity ?

Summary

An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.

References

▼	URL	Tags
	https://jenkins.io/security/advisory/2019-10-23/#SECURITY-822	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2019/10/23/2	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins 360 FireLine Plugin	Version: 1.7.2 and earlier

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T22:24:18.562Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-822",
               },
               {
                  name: "[oss-security] 20191023 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/10/23/2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins 360 FireLine Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     status: "affected",
                     version: "1.7.2 and earlier",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T16:50:11.060Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-822",
            },
            {
               name: "[oss-security] 20191023 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/10/23/2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "jenkinsci-cert@googlegroups.com",
               ID: "CVE-2019-10466",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Jenkins 360 FireLine Plugin",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.7.2 and earlier",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Jenkins project",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-611",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-822",
                     refsource: "CONFIRM",
                     url: "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-822",
                  },
                  {
                     name: "[oss-security] 20191023 Multiple vulnerabilities in Jenkins plugins",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2019/10/23/2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2019-10466",
      datePublished: "2019-10-23T12:45:41",
      dateReserved: "2019-03-29T00:00:00",
      dateUpdated: "2024-08-04T22:24:18.562Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-43435

Vulnerability from cvelistv5

Published

2022-10-19 00:00

Modified

2024-08-03 13:32

Severity ?

Summary

Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2866
	http://www.openwall.com/lists/oss-security/2022/10/19/3	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins 360 FireLine Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:32:58.971Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2866",
               },
               {
                  name: "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/10/19/3",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins 360 FireLine Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1.7.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 1.7.2",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:07.021Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2866",
            },
            {
               name: "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/10/19/3",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-43435",
      datePublished: "2022-10-19T00:00:00",
      dateReserved: "2022-10-18T00:00:00",
      dateUpdated: "2024-08-03T13:32:58.971Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}