Jenkins Security Advisory 2022-03-29

Summary

This advisory announces vulnerabilities in the following Jenkins plugins:

- Bitbucket Server Integration Plugin
- Continuous Integration with Toad Edge Plugin
- Coverage/Complexity Scatter Plot Plugin
- Flaky Test Handler Plugin
- Instant-messaging Plugin
- JiraTestResultReporter Plugin
- Job and Node Ownership Plugin
- Pipeline: Phoenix AutoTest Plugin
- Proxmox Plugin (multiple issues)
- RocketChat Notifier Plugin
- SiteMonitor Plugin
- Tests Selector Plugin

Key Vulnerabilities

Stored XSS Vulnerability in Bitbucket Server Integration Plugin
- IDs: SECURITY-2639 / CVE-2022-28133
- Severity: High
- Affected Plugin: bitbucket-server-integration
- Description: The plugin does not restrict the URL scheme of callback URLs on OAuth consumers, which permits stored XSS.

Missing Permission Checks in Bitbucket Server Integration Plugin
- IDs: SECURITY-2640 / CVE-2022-28134
- Severity: Medium
- Affected Plugin: bitbucket-server-integration
- Description: Attackers with Overall/Read permission can create, view, and delete Bitbucket Server consumers.

Password Stored in Plain Text by Instant-messaging Plugin
- IDs: SECURITY-2161 / CVE-2022-28135
- Severity: Low
- Affected Plugin: instant-messaging
- Description: Passwords for group chats configured through the instant-messaging plugin are stored unencrypted.

Impact and Fixes

- The advisory assigns a severity level (High, Medium, Low) to each vulnerability.
- It gives the specific affected version range for each plugin.
- It recommends updating affected plugins to their latest versions to mitigate the risks.
- It notes that some of the vulnerabilities have no fix available yet.

Conclusion

This advisory covers critical and non-critical vulnerabilities across multiple Jenkins plugins, underlining the importance of timely updates and thorough security reviews for maintaining a secure Jenkins environment.
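The stored XSS entry above arises because a stored callback URL with a script-bearing scheme (javascript:, data:, vbscript:) executes in the browser of whoever later views it. The following added example, not code from the plugin or from the Jenkins project, shows the defensive pattern this description implies: an allowlist check that accepts only absolute http(s) URLs with a host, including the edge cases (mixed-case schemes, embedded control characters, scheme-relative URLs) that defeat naive prefix checks. The allowed scheme set and the length limit are assumptions chosen for the example.

```python
from urllib.parse import urlsplit

# Assumption for this example: a callback URL may only use http or https.
ALLOWED_SCHEMES = {"http", "https"}
MAX_URL_LENGTH = 2048  # assumed sanity limit, not a Jenkins value


def is_safe_callback_url(raw: str) -> bool:
    """Return True only if raw is an absolute http(s) URL with a host.

    Rejects javascript:, data:, vbscript: and every other scheme, so a
    value that later lands in an href attribute cannot run script in
    the viewer's browser (the stored XSS class described above).
    """
    if not isinstance(raw, str) or len(raw) > MAX_URL_LENGTH:
        return False
    url = raw.strip()
    # Tabs and newlines inside a URL ("java\tscript:") are a classic way
    # to slip past a plain startswith("javascript:") check; browsers strip
    # them, so reject any control character outright.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in url):
        return False
    parts = urlsplit(url)  # urlsplit lowercases the scheme for us
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    # "https:" alone or "//host/path" (scheme-relative) has no usable host.
    if not parts.hostname:
        return False
    return True


def filter_consumers(consumers: list[dict]) -> list[dict]:
    """Keep only consumers whose callback URL passes the allowlist check.

    Input shape is a constructed approximation of a consumer record
    (name plus callback URL), not the plugin's real data model.
    """
    return [c for c in consumers if is_safe_callback_url(c["callback_url"])]
```

A rendering layer must still HTML-escape the value when it is printed; the scheme check only closes the script-scheme vector.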