Key vulnerability information

Vulnerability overview

Advisory date: 2025-04-02

Affected Jenkins versions:
- Jenkins (core)
- AsakusaSatellite Plugin
- Cadence vManager Plugin
- monitor-remote-job Plugin
- Simple Queue Plugin
- Stack Hammer Plugin
- Templating Engine Plugin

Vulnerability details

1. Missing permission check allows retrieving agent configurations
   - CVE ID: SECURITY-3512 / CVE-2025-31720
   - Severity: Medium
   - Description: Jenkins 2.503 and earlier, LTS 2.492.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers who have Agent/Create permission but lack Agent/Extended Read permission to copy an agent and thereby gain access to its configuration.

2. Missing permission check allows retrieving secrets from agent configurations
   - CVE ID: SECURITY-3513 / CVE-2025-31721
   - Severity: Medium
   - Description: Jenkins 2.503 and earlier, LTS 2.492.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers who have Agent/Create permission but lack Agent/Configure permission to copy an agent that contains secrets.

3. Script Security sandbox bypass vulnerability through folder-scoped libraries in Templating Engine Plugin
   - CVE ID: SECURITY-3505 / CVE-2025-31722
   - Severity: High
   - Affected plugin: templating-engine
   - Description: Templating Engine Plugin allows libraries to be defined both in the global configuration and in folders that use pipelines. Libraries in the global configuration can only be set up by administrators and can therefore be trusted, but libraries defined in folders can be configured by users with Item/Configure permission. This vulnerability allows attackers with Item/Configure permission to execute arbitrary code in the host console.

4. CSRF vulnerability in Simple Queue Plugin
   - CVE ID: SECURITY-3469 / CVE-2025-31723
   - Severity: Medium
   - Affected plugin: simple-queue
   - Description: Simple Queue Plugin 1.4.6 and earlier does not require POST requests for multiple HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities.

5. API keys stored in plain text by Cadence vManager Plugin
   - CVE ID: SECURITY-3537 / CVE-2025-31724
   - Severity: Medium
   - Affected plugin: vmanager-plugin
   - Description: Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys in plain text in job config.xml files.

6. Passwords stored in plain text by monitor-remote-job Plugin
   - CVE ID: SECURITY-3539 / CVE-2025-31725
   - Severity: Medium
   - Affected plugin: monitor-remote-job
   - Description: monitor-remote-job Plugin 1.0 and earlier stores passwords in plain text in job config.xml files.

7. API keys stored in plain text by Stack Hammer Plugin
   - CVE ID: SECURITY-3520 / CVE-2025-31726
   - Severity: Medium
   - Affected plugin: stackhammer
   - Description: Stack Hammer Plugin 1.0.0 and earlier stores Stack Hammer API keys in plain text in job config.xml files.

8. API keys stored and displayed in plain text by AsakusaSatellite Plugin
   - CVE ID: SECURITY-3523 / CVE-2025-31727 (storage), CVE-2025-31728 (masking)
   - Severity: Medium
   - Affected plugin: asakusa-satellite-plugin
   - Description: AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys in plain text in job config.xml files, and the job configuration form does not mask these API keys.

Affected versions

- Jenkins weekly up to and including 2.503
- Jenkins LTS up to and including 2.492.2
- AsakusaSatellite Plugin up to and including 0.1.1
- Cadence vManager Plugin up to and including 4.0.0-282.v5096a_c2db_275
- monitor-remote-job Plugin up to and including 1.0
- Simple Queue Plugin up to and including 1.4.6
- Stack Hammer Plugin up to and including 1.0.0
- Templating Engine Plugin up to and including 2.5.3

Remediation

- Jenkins weekly should be updated to version 2.504
- Jenkins LTS should be updated to version 2.492.3
- Cadence vManager Plugin should be updated to version 4.0.1-286.v9e25a_740b_a_48
- Simple Queue Plugin should be updated to version 1.4.7
- Templating Engine Plugin should be updated to version 2.5.4
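
To triage an installation against the affected and fixed versions listed above, the following added example (not part of the advisory or of Jenkins) checks a plugin inventory and reports what to update. The version ordering is a simplified assumption that compares numeric fields only, the function names are hypothetical, and the sample inventory is constructed.

```python
import re

# Transcribed from the lists above: short name -> (last affected, fixed or None).
ADVISORY = {
    "templating-engine": ("2.5.3", "2.5.4"),
    "simple-queue": ("1.4.6", "1.4.7"),
    "vmanager-plugin": ("4.0.0-282.v5096a_c2db_275", "4.0.1-286.v9e25a_740b_a_48"),
    "monitor-remote-job": ("1.0", None),
    "stackhammer": ("1.0.0", None),
    "asakusa-satellite-plugin": ("0.1.1", None),
}
CORE = {"weekly": ("2.503", "2.504"), "lts": ("2.492.2", "2.492.3")}


def version_key(version):
    """Simplified ordering key: drop a trailing '.v<commit>' suffix, keep numeric fields."""
    base = re.sub(r"\.v[0-9a-f_]+$", "", version.strip())
    return tuple(int(n) for n in re.findall(r"\d+", base))


def is_affected(installed, last_affected):
    """True when installed <= last affected; pads so 1.0 and 1.0.0 compare equal."""
    a, b = version_key(installed), version_key(last_affected)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))


def triage(core_version, plugins):
    """Return sorted (component, installed, action) tuples for affected components."""
    findings = []
    # Assumption: three numeric fields means an LTS release, two means weekly.
    line = "lts" if len(version_key(core_version)) == 3 else "weekly"
    last, fixed = CORE[line]
    if is_affected(core_version, last):
        findings.append(("jenkins-core", core_version, f"update to {fixed}"))
    for name, installed in plugins.items():
        if name in ADVISORY and is_affected(installed, ADVISORY[name][0]):
            fixed = ADVISORY[name][1]
            action = f"update to {fixed}" if fixed else "no fixed version listed"
            findings.append((name, installed, action))
    return sorted(findings)


# Constructed inventory for illustration, not taken from a real controller.
SAMPLE_PLUGINS = {
    "templating-engine": "2.5.3",
    "simple-queue": "1.4.7",
    "vmanager-plugin": "4.0.0-282.v5096a_c2db_275",
    "stackhammer": "1.0.0",
    "git": "5.7.0",
}

if __name__ == "__main__":
    for row in triage("2.492.2", SAMPLE_PLUGINS):
        print(*row, sep="\t")
```

Plugins reported with "no fixed version listed" are the ones for which the remediation list above names no update.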