ghsa-jmxr-w2jc-qp7w
Vulnerability from github
Published
2022-04-13 00:00
Modified
2023-05-22 19:32
Summary
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
Details

Jenkins promoted builds Plugin provides dedicated support for defining promotions using Job DSL Plugin.

promoted builds Plugin 873.v6149db_d64130 and earlier does not validate the names of promotions defined in Job DSL. This allows attackers with Job/Configure permission to create a promotion with an unsafe name. As a result, the promotion name could be used for cross-site scripting (XSS) or to replace other config.xml files.

promoted builds Plugin 876.v99d29788b_36b_ and 3.10.1 validates the name of promotions.

Show details on source website


{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:promoted-builds"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:promoted-builds"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.11"
            },
            {
              "fixed": "876.v99d29788b"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-29049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-22T21:07:53Z",
    "nvd_published_at": "2022-04-12T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Jenkins promoted builds Plugin provides dedicated support for defining promotions using [Job DSL Plugin](https://plugins.jenkins.io/job-dsl).\n\npromoted builds Plugin 873.v6149db_d64130 and earlier does not validate the names of promotions defined in Job DSL. This allows attackers with Job/Configure permission to create a promotion with an unsafe name. As a result, the promotion name could be used for cross-site scripting (XSS) or to replace other `config.xml` files.\n\npromoted builds Plugin 876.v99d29788b_36b_ and 3.10.1 validates the name of promotions.",
  "id": "GHSA-jmxr-w2jc-qp7w",
  "modified": "2023-05-22T19:32:57Z",
  "published": "2022-04-13T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29049"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/promoted-builds-plugin/commit/d6fd95688ae2052bf9ac7158bc2579c755167fe0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/promoted-builds-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2655"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.