Monthly Archive: June 2020

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service...

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is...

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could...

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated,...

Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by...

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. Date published : 2020-06-03 https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1726...

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the ‘getConfigAsXML’ API URL when transmitting job config.xml data to users without Job/Configure. Date published : 2020-06-03 https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582 http://www.openwall.com/lists/oss-security/2020/06/03/3

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. Date published : 2020-06-03 https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582 http://www.openwall.com/lists/oss-security/2020/06/03/3

Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. Date published : 2020-06-03 https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1766 http://www.openwall.com/lists/oss-security/2020/06/03/3

Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. Date published : 2020-06-03...

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. Date published : 2020-06-03 https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1842 http://www.openwall.com/lists/oss-security/2020/06/03/3

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. Date published : 2020-06-03 https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1841 http://www.openwall.com/lists/oss-security/2020/06/03/3

A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. Date published : 2020-06-03 https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1200 http://www.openwall.com/lists/oss-security/2020/06/03/3

Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. Date published : 2020-06-03 https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1200 http://www.openwall.com/lists/oss-security/2020/06/03/3