April 14, 2023
Severity
Medium
Analysis Summary
CVE-2023-30529 CVSS:4.3
Jenkins Lucene-Search Plugin is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to reindex the database. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-30525 CVSS:4.3
Jenkins Report Portal Plugin is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to connect to an attacker-specified URL. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-30521 CVSS:5.3
Jenkins Assembla merge request builder Plugin could allow a remote attacker to bypass security restrictions, caused by improper permission validation. By sending a specially crafted request, an attacker could exploit this vulnerability to trigger builds of jobs corresponding to the attacker-specified repository.
CVE-2023-30519 CVSS:5.3
Jenkins Quay.io trigger Plugin could allow a remote attacker to bypass security restrictions, caused by missing validation. By sending a specially crafted request, an attacker could exploit this vulnerability to trigger builds of jobs corresponding to the attacker-specified repository.
CVE-2023-30518 CVSS:4.3
Jenkins Thycotic Secret Server Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper permission validation. By sending a specially crafted request, an attacker could exploit this vulnerability to enumerate the IDs of credentials stored in Jenkins, and use this information to launch further attacks against the affected system.
CVE-2023-30517 CVSS:5.9
Jenkins NeuVector Vulnerability Scanner Plugin could allow a remote authenticated attacker to obtain sensitive information, because it unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-30528 CVSS:3.3
Jenkins WSO2 Oauth Plugin could allow a local authenticated attacker to obtain sensitive information, because it does not mask the WSO2 Oauth client secret on the global configuration form. By gaining access to the global configuration form, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-30514 CVSS:4.3
Jenkins Azure Key Vault Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper masking of credentials printed in the build log. By gaining access to the build log, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system.
CVE-2023-30515 CVSS:4.3
Jenkins Thycotic DevOps Secrets Vault Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper masking of credentials printed in the build log. By gaining access to the build log, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system.
CVE-2023-30523 CVSS:4.3
Jenkins Report Portal Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of ReportPortal access tokens unencrypted in job config.xml files. By gaining access to the config.xml files, an attacker could exploit this vulnerability to obtain token information, and use this information to launch further attacks against the affected system.
CVE-2023-30526 CVSS:4.3
Jenkins Report Portal Plugin could allow a remote attacker to bypass security restrictions, caused by improper permission check in a method implementing form validation. By sending a specially crafted request, an attacker could exploit this vulnerability to connect to an attacker-specified URL using attacker-specified bearer token authentication.
CVE-2023-30513 CVSS:4.3
Jenkins Kubernetes Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper masking of credentials printed in the build log. By gaining access to the build log, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system.
CVE-2023-30527 CVSS:3.3
Jenkins WSO2 Oauth Plugin could allow a local authenticated attacker to obtain sensitive information, caused by the storage of WSO2 Oauth client secret unencrypted in the global config.xml file. By gaining access to the global config.xml file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-30530 CVSS:4.3
Jenkins Consul KV Builder Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of HashiCorp Consul ACL Token unencrypted in its global configuration file. By gaining access to the global configuration file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-30516 CVSS:5.3
Jenkins Image Tag Parameter Plugin could allow a remote attacker to obtain sensitive information, because it improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-30520 CVSS:8.8
Jenkins Quay.io trigger Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-30532 CVSS:4.3
Jenkins TurboScript Plugin could allow a remote authenticated attacker to bypass security restrictions, caused by improper permission validation. By sending a specially crafted request, an attacker could exploit this vulnerability to trigger builds of jobs corresponding to the attacker-specified repository.
CVE-2023-30531 CVSS:4.3
Jenkins Consul KV Builder Plugin could allow a remote authenticated attacker to obtain sensitive information, because it does not mask the HashiCorp Consul ACL Token on the global configuration form. By gaining access to the global configuration form, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-30524 CVSS:4.3
Jenkins Kubernetes Plugin could allow a remote authenticated attacker to obtain sensitive information, because it does not mask ReportPortal access tokens displayed on the configuration form. By gaining access to the configuration form, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system.
CVE-2023-30522 CVSS:4.3
Jenkins Fogbugz Plugin could allow a remote authenticated attacker to bypass security restrictions, caused by the lack of authentication mechanism. By sending a specially crafted request, an attacker could exploit this vulnerability to trigger builds of jobs specified in a “jobname” request parameter.
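The unencrypted-storage issues described above (CVE-2023-30523, CVE-2023-30527, CVE-2023-30530) can be checked for on disk. The following is an added example, not code from this advisory or from Jenkins: it flags config.xml elements whose name suggests a secret but whose value is not in the brace-wrapped base64 form Jenkins uses for encrypted secrets. The element-name heuristic, the plugin class name and the sample file are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Jenkins serialises an encrypted hudson.util.Secret as base64 inside braces.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumption: element names containing these words hold secret material.
SENSITIVE = re.compile(r"token|secret|password|apikey", re.IGNORECASE)
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def find_plaintext_secrets(xml_text, source="config.xml"):
    """Return (source, element path, value length) for each suspect element."""
    # Jenkins writes an XML 1.1 declaration; drop it so XML 1.0-only parsers accept the file.
    root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        value = (node.text or "").strip()
        if SENSITIVE.search(node.tag) and value and not ENCRYPTED.match(value):
            # Record only the length so the report does not repeat the secret.
            findings.append((source, here, len(value)))
        for child in node:
            walk(child, here)

    walk(root, "")
    return findings


# Constructed sample; the plugin class and element names are hypothetical.
SAMPLE_JOB_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <publishers>
    <example.HypotheticalReportPublisher>
      <endpoint>https://reports.example.invalid/api</endpoint>
      <accessToken>0f3c9a52-constructed-token</accessToken>
      <proxyPassword>{AQAAABAAAAAQY29uc3RydWN0ZWQtdmFsdWU=}</proxyPassword>
      <credentialsId>report-creds</credentialsId>
    </example.HypotheticalReportPublisher>
  </publishers>
</project>
"""

if __name__ == "__main__":
    hits = find_plaintext_secrets(SAMPLE_JOB_CONFIG, "jobs/demo/config.xml")
    for src, path, length in hits:
        print(f"{src}: {path} holds a {length}-character plaintext value")
```

The name-based heuristic can miss secrets stored under neutral element names and can flag non-secret fields, so treat its output as a review list rather than a verdict.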
Impact
- Security Bypass
- Information Disclosure
- Gain Access
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2023-30529
- CVE-2023-30525
- CVE-2023-30521
- CVE-2023-30519
- CVE-2023-30518
- CVE-2023-30517
- CVE-2023-30528
- CVE-2023-30514
- CVE-2023-30515
- CVE-2023-30523
- CVE-2023-30526
- CVE-2023-30513
- CVE-2023-30527
- CVE-2023-30530
- CVE-2023-30516
- CVE-2023-30520
- CVE-2023-30532
- CVE-2023-30531
- CVE-2023-30524
- CVE-2023-30522
Affected Vendors
Jenkins
Affected Products
- Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9
- Jenkins Report Portal Plugin 0.5
- Jenkins Assembla merge request builder Plugin 1.1.13
- Jenkins Quay.io trigger Plugin 0.1
- Jenkins Thycotic Secret Server Plugin 1.0.2
- Jenkins NeuVector Vulnerability Scanner Plugin 1.22
- Jenkins WSO2 Oauth Plugin 1.0
- Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_
- Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0
- Jenkins Kubernetes Plugin 3909.v1f2c633e8590
- Jenkins Consul KV Builder Plugin 2.0.13
- Jenkins Image Tag Parameter Plugin 2.0
- Jenkins TurboScript Plugin 1.3
- Jenkins Fogbugz Plugin 2.2.17
Remediation
Refer to the Jenkins Security Advisory for patch, upgrade or suggested workaround information.