This plugin allows you to store credentials in Jenkins.
Library home page: http://wiki.jenkins-ci.org/display/JENKINS/Credentials+Plugin
Path to dependency file: /build.gradle
Path to vulnerable library: /build.gradle
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - credentials-2.1.10.jar
This plugin allows you to store credentials in Jenkins.
Library home page: http://wiki.jenkins-ci.org/display/JENKINS/Credentials+Plugin
Path to dependency file: /build.gradle
Path to vulnerable library: /build.gradle
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.
Publish Date: 2021-05-11
URL: CVE-2021-21648
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2349
Release Date: 2021-05-11
Fix Resolution: org.jenkins-ci.plugins:credentials:2.3.19
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - credentials-2.1.10.jar
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Publish Date: 2022-04-12
URL: CVE-2022-29036
CVSS 3 Score Details (5.4)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.jenkins.io/security/advisory/2022-04-12/
Release Date: 2022-04-12
Fix Resolution: org.jenkins-ci.plugins:credentials:1112.vc87b_7a_3597f6
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - credentials-2.1.10.jar
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.
Publish Date: 2019-05-21
URL: CVE-2019-10320
CVSS 3 Score Details (4.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10320
Release Date: 2019-05-21
Fix Resolution: org.jenkins-ci.plugins:credentials:2.1.8
⛑️ Automatic Remediation will be attempted for this issue.