March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert -APT-C-35 aka Donot Team – Active IOCs
March 22, 2023
Rewterz Threat Update – Cyber Threat Intelligence Advisory – 23rd March Pakistan Day
March 22, 2023
Rewterz Threat Alert -APT-C-35 aka Donot Team – Active IOCs
March 22, 2023
Rewterz Threat Update – Cyber Threat Intelligence Advisory – 23rd March Pakistan Day
March 22, 2023
Severity
High
Analysis Summary
CVE-2023-28684 CVSS:7.1
Jenkins remote-jobs-view-plugin Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the XML parser. By using a specially crafted XML report file, an attacker could exploit this vulnerability to obtain secrets from the Jenkins controller or perform server-side request forgery attacks.
CVE-2023-28683 CVSS:7.1
Jenkins Phabricator Differential Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the XML parser. By using a specially crafted XML report file, an attacker could exploit this vulnerability to obtain secrets from the Jenkins controller or perform server-side request forgery attacks.
CVE-2023-28682 CVSS:7.1
Jenkins Performance Publisher Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the XML parser. By using a specially crafted XML report file, an attacker could exploit this vulnerability to obtain secrets from the Jenkins controller or perform server-side request forgery attacks.
CVE-2023-28681 CVSS:7.1
Jenkins Crap4J Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the XML parser. By using a specially crafted XML report file, an attacker could exploit this vulnerability to obtain secrets from the Jenkins controller or perform server-side request forgery attacks.
CVE-2023-28680 CVSS:8
Jenkins Mashup Portlets Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-28679 CVSS:8
Jenkins Mashup Portlets Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-28678 CVSS:8
Jenkins Cppcheck Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-28677 CVSS:8
Jenkins Convert To Pipeline Plugin could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a command injection flaw. By using a specially crafted configuration that injects Pipeline script, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-28676 CVSS:8.8
Jenkins Convert To Pipeline Plugin is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to create a Pipeline based on a Freestyle project. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-28675 CVSS:4.3
Jenkins Convert To Pipeline Plugin could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a command injection flaw. By using a specially crafted configuration that injects Pipeline script, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-28674 CVSS:4.3
Jenkins OctoPerf Load Testing Plugin is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to connect to a previously configured Octoperf server. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-28673 CVSS:4.3
Jenkins OctoPerf Load Testing Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper permission check in an HTTP endpoint. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to enumerate credentials IDs, and use this information to launch further attacks against the affected system.
CVE-2023-28672 CVSS:7.1
Jenkins OctoPerf Load Testing Plugin could allow a remote authenticated attacker to bypass security restrictions, caused by improper permission check in a connection test HTTP endpoint. By sending a specially crafted request, an attacker could exploit this vulnerability to connect to an attacker-specified URL.
CVE-2023-28671 CVSS:4.3
Jenkins OctoPerf Load Testing Plugin is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to connect to an attacker-specified URL. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-28670 CVSS:8
Jenkins Pipeline Aggregator View Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-28669 CVSS:8
Jenkins JaCoCo Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-28668 CVSS:5.9
Jenkins Role-based Authorization Strategy Plugin could allow a remote authenticated attacker to bypass security restrictions, caused by improper permission validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to grant permissions even after permissions have been disabled.
Impact
- Information Disclosure
- Cross-Site Scripting
- Code Execution
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-28684
- CVE-2023-28683
- CVE-2023-28682
- CVE-2023-28681
- CVE-2023-28680
- CVE-2023-28679
- CVE-2023-28678
- CVE-2023-28677
- CVE-2023-28676
- CVE-2023-28675
- CVE-2023-28674
- CVE-2023-28673
- CVE-2023-28672
- CVE-2023-28671
- CVE-2023-28670
- CVE-2023-28669
- CVE-2023-28668
Affected Vendors
Jenkins
Affected Products
- Jenkins remote-jobs-view-plugin Plugin 0.0.3
- Jenkins Phabricator Differential Plugin 2.1.5
- Jenkins Performance Publisher Plugin 8.09
- Jenkins Visual Studio Code Metrics Plugin 1.7
- Jenkins Crap4J Plugin 0.9
- Jenkins Cppcheck Plugin 1.26
- Jenkins OctoPerf Load Testing Plugin 4.5.2
- Jenkins Pipeline Aggregator View Plugin 1.13
- Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51
Remediation
Refer to Jenkins Security Advisory for patch, upgrade or suggested workaround information.