GHSA-JMXR-W2JC-QP7W
Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2023-05-22 19:32
VLAI?
Summary
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
Details
Jenkins promoted builds Plugin provides dedicated support for defining promotions using Job DSL Plugin.
promoted builds Plugin 873.v6149db_d64130 and earlier does not validate the names of promotions defined in Job DSL. This allows attackers with Job/Configure permission to create a promotion with an unsafe name. As a result, the promotion name could be used for cross-site scripting (XSS) or to replace other config.xml files.
promoted builds Plugin 876.v99d29788b_36b_ and 3.10.1 validates the name of promotions.
Severity ?
8.0 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:promoted-builds"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:promoted-builds"
},
"ranges": [
{
"events": [
{
"introduced": "3.11"
},
{
"fixed": "876.v99d29788b"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-29049"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-22T21:07:53Z",
"nvd_published_at": "2022-04-12T20:15:00Z",
"severity": "HIGH"
},
"details": "Jenkins promoted builds Plugin provides dedicated support for defining promotions using [Job DSL Plugin](https://plugins.jenkins.io/job-dsl).\n\npromoted builds Plugin 873.v6149db_d64130 and earlier does not validate the names of promotions defined in Job DSL. This allows attackers with Job/Configure permission to create a promotion with an unsafe name. As a result, the promotion name could be used for cross-site scripting (XSS) or to replace other `config.xml` files.\n\npromoted builds Plugin 876.v99d29788b_36b_ and 3.10.1 validates the name of promotions.",
"id": "GHSA-jmxr-w2jc-qp7w",
"modified": "2023-05-22T19:32:57Z",
"published": "2022-04-13T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29049"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/promoted-builds-plugin/commit/d6fd95688ae2052bf9ac7158bc2579c755167fe0"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/promoted-builds-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2655"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…