Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when configuring existing GitHub organization folders. This allowed users with read access to the GitHub organization folder to reconfigure it, including changing the GitHub API endpoint for the organization folder to an attacker-controlled server to obtain the GitHub access token, if the organization folder was initially created using Blue Ocean.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CloudBees Jenkins Blue Ocean插件安全漏洞
Vulnerability Description
CloudBees Jenkins(前称Hudson Labs)是美国CloudBees公司的一套基于Java开发的持续集成工具,它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。Blue Ocean plugin是其中的一个可视化管理插件。 CloudBees Jenkins Blue Ocean插件1.1.5及之前的版本中存在安全漏洞,该漏洞源于程序没有正确的对当前用户进行授权和身份验证检测。攻击者可利用该漏洞重新配置GitHub组织文件夹,获取GitHub访问令牌。
CVSS Information
N/A
Vulnerability Type
N/A