The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status.

This record contains material that is subject to copyright.

**Copyright 2012-2023 Defiant Inc.**

**License:** Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. **Read more.**

**Copyright 1999-2023 The MITRE Corporation**

**License:** CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. **Read more.**

Have information to add, or spot any errors? Contact us at wfi-support@wordfence.com so we can make any appropriate adjustments.

CVE-2023-3053: Page Builder by AZEXO <= 1.27.133 - Missing Authorization to Post Creation — Wordfence Intelligence

Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability.

CVE-2022-34178: Jenkins Security Advisory 2022-06-22

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.

Risk Rating

Low

Author Affiliation

WMF Product

*   Task Graph
*   Mentions

**Event Timeline**

There are a very large number of changes, so older changes are hidden. Show Older Changes

Restricted Application added a subscriber: Aklapper.

mmartorana changed the task status from Open to In Progress.

mmartorana triaged this task as Low priority.

mmartorana changed Risk Rating from N/A to Low.

Reedy renamed this task from Manualthumb bypasses badFile lookup to CVE-2023-36674: Manualthumb bypasses badFile lookup.

Reedy closed this task as Resolved.

CVE-2023-36674: ⚓ T335612 CVE-2023-36674: Manualthumb bypasses badFile lookup

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL.

**Missing permission check in Jenkins vRealize Orchestrator Plugin**

Moderate severity GitHub Reviewed Published Jun 24, 2022 • Updated Jul 5, 2022

GHSA-35r9-gfqf-r6cw: Missing permission check in Jenkins vRealize Orchestrator Plugin

Categories: Awareness
Categories: Personal
Categories: Scams
Tags: Tech Support Scams

Tags:  Malwarebytes

Tags:  impersonating

Tags:  screen lockers

Tags:  fake warnings

Tags:  remote access

Tech support scams are an ongoing nuisance. Knowing how they operate helps you to recognize them.



(Read more...)




The post How to spot and avoid a tech support scam appeared first on Malwarebytes Labs.

Despite the occasional arrests and FTC fines for tech support scammers (TSS) and their henchmen, there are still plenty of cybercriminals active in this field. Scams range from unsolicited calls offering help with your “infected” computer to fully-fledged websites where you can purchase heavily over-priced versions of legitimate security software.

According to the FBI's IC3 Report, in 2022 Tech and Customer Support fraudsters made 32,538 victims with total reported damages amassing $806,551,993 in the US alone.

Most people associate tech support scams with technicians sitting in a crowded and buzzing boiler room somewhere offshore, and they are not wrong. The scams primarily emanate from call centers in South Asia, mainly India. In response, the Department of Justice (DOJ) and the FBI are collaborating with law enforcement in India to combat cyber-enabled financial crimes and transnational call center fraud.

At the same time, the legal case against tech support scams originating in the US has proven to be difficult over the past few years, and prosecution has been limited. Courts are not tech-savvy enough to understand the latest scam tactics, making it very easy for scammers to get away with certain technical intricacies.

Malwarebytes researchers have been actively engaged in the fight against tech support scammers overseas but also in the US. With a commitment to helping protect consumers from all dangerous cyber threats, they are working hand in hand with the Federal Trade Commission to help provide technical evidence in support of shutting tech support scammers down while simultaneously educating Internet users on how to protect against the latest TSS tactics.

**How to deal with tech support scams**

As a security provider with a good reputation, we do get a lot of impersonators, like in the example below.

Maybe we should be flattered, but frankly we are annoyed. So here are a few tell-tale signs that you are dealing with an impersonator:

*   The company gives you any name at all other than Malwarebytes. Malwarebytes does not outsource support. We have our own Support team. There are no third parties “authorized” to provide support. Nobody is “licensed” to use our name, logo, or any other intellectual property. 
*   The company can’t or won't take your credit card the first time you ask. Reputable organizations don’t do this. Period. Malwarebytes has a credit card processor that takes payments for all transactions. Credit card processors do things like vet clients for risk, fraud, and abuse. So any company having trouble doing business with one, probably fits into one of those three categories. Credit cards also have reasonably robust consumer fraud protection, so if you’re being steered away from using one, that is also a red flag that the company is about to do something they probably shouldn’t.
*   The company makes outbound support calls. Malwarebytes does not do this. Tech support companies that make outbound unsolicited calls tend to do so because they bought your personal information from a data broker who classified you as a vulnerable target. How would they know you have a problem with your computer? How would they even know you own a computer? Generally speaking, if someone calls you out of the blue claiming your computer has a problem, hang up.

There are some other methods that tech support scammers use to get access to your system. Here are a few of the basics to get you up to speed:

*   Beware the lock up. If your browser or mobile device “locks up”, meaning you’re no longer able to navigate away from a virus warning, you’re likely part of a tech support scam. If something claims to show the files and folders from inside of your browser, this is another signal that you’re on a fake page. Close the browser if possible, or restart your device if this doesn’t work.
*   Screenlocker issues. These are typically fake Windows Blue Screen of Death error pages, except they come with the tech support scammer’s phone number included. You may need one of our removal self-help guides to resolve this.
*   Beware of someone wanting to connect to your computer remotely. One of the tech support scammer’s biggest weapons is their ability to connect remotely to their victims. If they do this, they essentially have total access to all of your files and folders. 

Unfortunately for some people these warnings may have come too late. So what should you do if you have fallen victim to a tech support scam? Here are a few pointers:

*   Did you already pay? Contact your credit card company or bank and let them know what’s happened. You may also need to file a complaint with the FTC, or contact your local law enforcement agency depending on your region.
*   If you shared your password with a scammer, change it on every account that uses this password. Consider using a password manager and enable 2FA for important accounts.
*   Scan your system. If scammers have had access to your system, they may have planted a backdoor so they can revisit whenever they feel like it. Malwarebytes can remove backdoors and other software left behind by scammers.
*   Keep an eye out for unexpected payments. Be on the lookout for suspicious charges/payments on your credit cards and bank account(s) so you can revert and stop them.
*   Be wary of suspicious emails. You have been marked as a target. By falling for one scam, scammers my try other methods to defraud you.

For a very detailed breakdown of tech support scams, how they operate, and more suggestions to keep yourself safe from harm, please check out our dedicated tech support scams page.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

How to spot and avoid a tech support scam

A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

This advisory announces vulnerabilities in the following Jenkins deliverables:

*   Jenkins (core)
*   AWS CodeCommit Trigger Plugin
*   Checkmarx Plugin
*   Digital.ai App Management Publisher Plugin
*   Dimensions Plugin
*   Maven Repository Server Plugin
*   Sonargraph Integration Plugin
*   Team Concert Plugin
*   Template Workflows Plugin

**Descriptions****CSRF protection bypass vulnerability**

**SECURITY-3135 / CVE-2023-35141**  
**Severity (CVSS):** High  
**Description:**

Jenkins provides context menus for various UI elements, like links to jobs and builds, or breadcrumbs.

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint (e.g., the Script Console) by opening a context menu.

As of publication of this advisory, we are aware of insufficiently escaped context menu URLs for label expressions, allowing attackers with Item/Configure permissions to exploit this vulnerability.

Jenkins 2.400, LTS 2.401.1 sends GET requests to load the list of context actions.

**SSL/TLS certificate validation disabled by default in Checkmarx Plugin**

**SECURITY-2870 / CVE-2023-35142**  
**Severity (CVSS):** Medium  
**Affected plugin: checkmarx**  
**Description:**

Checkmarx Plugin allows to globally enable or disable SSL/TLS validation for connections to the Checkmarx server. Checkmarx Plugin 2022.4.3 and earlier disables it by default. Unless changed by an administrator, it would cause all connections to the Checkmarx server to ignore SSL/TLS validation, thereby enabling potential man-in-the-middle attacks.

Checkmarx Plugin 2023.2.6 enables SSL/TLS validation by default. Administrators who do not want SSL/TLS validation for connections to the Checkmarx server to be disabled are advised to review their configuration.

**Missing permission checks in Team Concert Plugin**

**SECURITY-2932 / CVE pending**  
**Severity (CVSS):** Medium  
**Affected plugin: teamconcert**  
**Description:**

Team Concert Plugin 2.4.1 and earlier does not perform permission checks in methods implementing form validation.

This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Team Concert Plugin 2.4.2 requires Overall/Administer permission for the affected form validation methods.

**Missing permission check in Dimensions Plugin allows enumerating credentials IDs**

**SECURITY-3138 / CVE-2023-32261**  
**Severity (CVSS):** Medium  
**Affected plugin: dimensionsscm**  
**Description:**

Dimensions Plugin 0.9.3 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of credentials IDs in Dimensions Plugin 0.9.3.1 requires the appropriate permissions.

**Exposure of system-scoped credentials in Dimensions Plugin**

**SECURITY-3143 / CVE-2023-32262**  
**Severity (CVSS):** Medium  
**Affected plugin: dimensionsscm**  
**Description:**

Dimensions Plugin 0.9.3 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration.

This allows attackers with Item/Configure permission to access and capture credentials they are not entitled to.

Dimensions Plugin 0.9.3.1 defines the appropriate context for credentials lookup.

**Stored XSS vulnerability in Maven Repository Server Plugin**

**SECURITY-3156 / CVE-2023-35143**  
**Severity (CVSS):** High  
**Affected plugin: repository**  
**Description:**

Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in pom.xml.

**Stored XSS vulnerability in Maven Repository Server Plugin**

**SECURITY-2951 / CVE-2023-35144**  
**Severity (CVSS):** High  
**Affected plugin: repository**  
**Description:**

Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change project or build display names.

**Stored XSS vulnerability in Sonargraph Integration Plugin**

**SECURITY-3155 / CVE-2023-35145**  
**Severity (CVSS):** High  
**Affected plugin: sonargraph-integration**  
**Description:**

Sonargraph Integration Plugin 5.0.1 and earlier does not correctly escape the file path and the project name for the Log file field form validation.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

**Stored XSS vulnerability in Template Workflows Plugin**

**SECURITY-3166 / CVE-2023-35146**  
**Severity (CVSS):** High  
**Affected plugin: template-workflows**  
**Description:**

Template Workflows Plugin 41.v32d86a\_313b\_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.

**Arbitrary file read vulnerability in AWS CodeCommit Trigger Plugin**

**SECURITY-3099 / CVE-2023-35147**  
**Severity (CVSS):** Medium  
**Affected plugin: aws-codecommit-trigger**  
**Description:**

AWS CodeCommit Trigger Plugin allows downloading activity logs of AWS Simple Queue Service (SQS) queues.

AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the queue name path parameter in the corresponding HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.

**CSRF vulnerability and missing permission checks in Digital.ai App Management Publisher Plugin**

**SECURITY-2911 / CVE-2023-35148 (CSRF), CVE-2023-35149 (missing permission check)**  
**Severity (CVSS):** Medium  
**Affected plugin: ease-plugin**  
**Description:**

Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

**Severity**

*   SECURITY-2870: Medium
*   SECURITY-2911: Medium
*   SECURITY-2932: Medium
*   SECURITY-2951: High
*   SECURITY-3099: Medium
*   SECURITY-3135: High
*   SECURITY-3138: Medium
*   SECURITY-3143: Medium
*   SECURITY-3155: High
*   SECURITY-3156: High
*   SECURITY-3166: High

**Affected Versions**

*   **Jenkins weekly** up to and including 2.399
*   **Jenkins LTS** up to and including 2.387.3
*   **AWS CodeCommit Trigger Plugin** up to and including 3.0.12
*   **Checkmarx Plugin** up to and including 2022.4.3
*   **Digital.ai App Management Publisher Plugin** up to and including 2.6
*   **Dimensions Plugin** up to and including 0.9.3
*   **Maven Repository Server Plugin** up to and including 1.10
*   **Sonargraph Integration Plugin** up to and including 5.0.1
*   **Team Concert Plugin** up to and including 2.4.1
*   **Template Workflows Plugin** up to and including 41.v32d86a\_313b\_4a

**Fix**

*   **Jenkins weekly** should be updated to version 2.400
*   **Jenkins LTS** should be updated to version 2.401.1
*   **Checkmarx Plugin** should be updated to version 2023.2.6
*   **Dimensions Plugin** should be updated to version 0.9.3.1
*   **Team Concert Plugin** should be updated to version 2.4.2

These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated.

As of publication of this advisory, no fixes are available for the following plugins:

*   AWS CodeCommit Trigger Plugin
*   Digital.ai App Management Publisher Plugin
*   Maven Repository Server Plugin
*   Sonargraph Integration Plugin
*   Template Workflows Plugin

Learn why we announce these issues.

**Credit**

The Jenkins project would like to thank the reporters for discovering and reporting these vulnerabilities:

*   **Alvaro Muñoz (@pwntester), GitHub Security Lab** for SECURITY-3143, SECURITY-3155, SECURITY-3156, SECURITY-3166
*   **CC Bomber, Kitri BoB** for SECURITY-2951
*   **Daniel Beck, CloudBees Inc.** for SECURITY-2870
*   **Daniel Beck, CloudBees, Inc.** for SECURITY-2932
*   **Kevin Guerroudj, CloudBees, Inc.** for SECURITY-3135, SECURITY-3138
*   **Kevin Guerroudj, CloudBees, Inc. and Wadeck Follonier, CloudBees, Inc.** for SECURITY-2911
*   **Tony Torralba (@atorralba), GitHub Security Lab** for SECURITY-3099

CVE-2023-35149: Jenkins Security Advisory 2023-06-14

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed

azraelxuemo opened this issue

Oct 25, 2022

· 10 comments

**Comments**

就是最新的，但是可以绕过

…

\---原始邮件--- 发件人: \*\*\*@\*\*\*.\*\*\*&gt; 发送时间: 2022年10月30日(周日) 下午3:33 收件人: \*\*\*@\*\*\*.\*\*\*&gt;; 抄送: \*\*\*@\*\*\*.\*\*\*\*\*\*@\*\*\*.\*\*\*&gt;; 主题: Re: \[jeecgboot/jeecg-boot\] /sys/duplicate/check存在sql注入漏洞 (Issue #4129) 你这个是哪个版本，针对注释这种我们处理过 — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: \*\*\*@\*\*\*.\*\*\*&gt;

你们自己看我发的内容，里面你们加check了啊，但是check有问题，可以被bypass我已经说的很详细了，我是直接clone你们的项目

…

\---原始邮件--- 发件人: \*\*\*@\*\*\*.\*\*\*&gt; 发送时间: 2022年10月30日(周日) 下午3:41 收件人: \*\*\*@\*\*\*.\*\*\*&gt;; 抄送: \*\*\*@\*\*\*.\*\*\*\*\*\*@\*\*\*.\*\*\*&gt;; 主题: Re: \[jeecgboot/jeecg-boot\] /sys/duplicate/check存在sql注入漏洞 (Issue #4129) 截图版本号 — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: \*\*\*@\*\*\*.\*\*\*&gt;

改成这样就好了  

okok好的好的，因为我看到的是checksql可以被绕过，所以就提出来了哈哈哈2333

…

\---原始邮件--- 发件人: \*\*\*@\*\*\*.\*\*\*&gt; 发送时间: 2022年10月30日(周日) 下午4:22 收件人: \*\*\*@\*\*\*.\*\*\*&gt;; 抄送: \*\*\*@\*\*\*.\*\*\*\*\*\*@\*\*\*.\*\*\*&gt;; 主题: Re: \[jeecgboot/jeecg-boot\] /sys/duplicate/check存在sql注入漏洞 (Issue #4129) 改成这样就好了 — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: \*\*\*@\*\*\*.\*\*\*&gt;

这个是我的版本号

我个人建议还是把sql注入里面的空格删掉  
因为你们替换了/**/  
但还可以用()绕过  
updatexml(1,(select(if(length("aaa")>5,1,sleep(10)))union select(1)),1)  
所以索性你们就不替换/**/这些  
然后直接把输入的整个字符串转成小写  
判断有没有select,这种关键字  
  
您看这样还是可以注入的  
就算我修改了还是可以绕过的  

2 participants

CVE-2022-45206: /sys/duplicate/check存在sql注入漏洞 · Issue #4129 · jeecgboot/jeecg-boot

An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

donaldsharp merged 1 commit into FRRouting:master from opensourcerouting:fix/software\_version\_capability\_handling\_len

Aug 21, 2023

Merged

**bgpd: Check the length of the rcv software version #14241**

donaldsharp merged 1 commit into FRRouting:master from opensourcerouting:fix/software\_version\_capability\_handling\_len

Aug 21, 2023

+11 −1

Conversation 6 Commits 1 Checks 5 Files changed 1

**Conversation**

Copy link

Member

**

 **ton31337** commented

Aug 20, 2023

**

Make sure we don't exceed the maximum of BGP\_MAX\_SOFT\_VERSION.

The Capability Length SHOULD be no greater than 64.

Reported-by: Iggy Frankovic iggyfran@amazon.com

 frrbot bot added the bgp label

Aug 20, 2023

 github-actions bot added master size/XS labels

Aug 20, 2023

 ton31337 force-pushed the fix/software\_version\_capability\_handling\_len branch from 4ab7b68 to 5e3a269 Compare

August 20, 2023 18:47

 github-actions bot added size/S and removed size/XS labels

Aug 20, 2023

          bgpd: Check the length of the rcv software version
        

          b4d09af
        

Make sure we don't exceed the maximum of BGP\_MAX\_SOFT\_VERSION.

The Capability Length SHOULD be no greater than 64.

Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

 ton31337 force-pushed the fix/software\_version\_capability\_handling\_len branch from 5e3a269 to b4d09af Compare

August 20, 2023 18:48

Copy link

Member Author

**

**ton31337** commented

Aug 20, 2023

**

@Mergifyio backport stable/9.0

mergify\[bot\] reacted with thumbs up emoji

Copy link

**

**mergify bot** commented

Aug 20, 2023

•

edited



**

> backport stable/9.0

**✅ Backports have been created**

*   #14250 bgpd: Check the length of the rcv software version (backport #14241) has been created for branch stable/9.0

 github-actions bot added the backport label

Aug 20, 2023

Copy link

Collaborator

**

**NetDEF-CI** commented

Aug 20, 2023

•

edited



**

Continuous Integration Result: FAILED**Continuous Integration Result: FAILED**

Test incomplete. See below for issues.  
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13678/

This is a comment from an automated CI system.  
For questions and feedback in regards to this CI system, please feel free to email  
Martin Winter - mwinter (at) opensourcerouting.org.

**Get source / Pull Request: Successful****Building Stage: Successful****Basic Tests: Incomplete**Addresssanitizer topotests part 4: Incomplete (check logs for details) Successful on other platforms/tests

*   Topotests Ubuntu 18.04 arm8 part 3
*   Topotests debian 10 amd64 part 9
*   Addresssanitizer topotests part 5
*   Topotests debian 10 amd64 part 4
*   Topotests Ubuntu 18.04 amd64 part 3
*   Topotests Ubuntu 18.04 amd64 part 2
*   Addresssanitizer topotests part 0
*   Topotests debian 10 amd64 part 3
*   Topotests debian 10 amd64 part 8
*   Topotests Ubuntu 18.04 arm8 part 4
*   Topotests Ubuntu 18.04 arm8 part 9
*   Addresssanitizer topotests part 2
*   Topotests Ubuntu 18.04 amd64 part 5
*   Ubuntu 20.04 deb pkg check
*   Topotests Ubuntu 18.04 arm8 part 2
*   Topotests Ubuntu 18.04 i386 part 6
*   Addresssanitizer topotests part 9
*   Topotests Ubuntu 18.04 amd64 part 4
*   Topotests Ubuntu 18.04 i386 part 1
*   Topotests Ubuntu 18.04 amd64 part 9
*   Topotests Ubuntu 18.04 arm8 part 7
*   Topotests Ubuntu 18.04 i386 part 8
*   Topotests Ubuntu 18.04 i386 part 3
*   Topotests Ubuntu 18.04 amd64 part 7
*   Debian 10 deb pkg check
*   Addresssanitizer topotests part 3
*   Addresssanitizer topotests part 7
*   Topotests debian 10 amd64 part 0
*   Topotests Ubuntu 18.04 i386 part 0
*   Addresssanitizer topotests part 6
*   Topotests Ubuntu 18.04 arm8 part 5
*   Topotests debian 10 amd64 part 1
*   CentOS 7 rpm pkg check
*   Topotests debian 10 amd64 part 7
*   Topotests Ubuntu 18.04 amd64 part 0
*   Topotests Ubuntu 18.04 arm8 part 0
*   Topotests Ubuntu 18.04 i386 part 9
*   Topotests Ubuntu 18.04 amd64 part 8
*   Topotests debian 10 amd64 part 2
*   Static analyzer (clang)
*   Topotests Ubuntu 18.04 i386 part 5
*   Ubuntu 18.04 deb pkg check
*   Debian 9 deb pkg check
*   Topotests debian 10 amd64 part 5
*   Addresssanitizer topotests part 1
*   Topotests Ubuntu 18.04 i386 part 4
*   Topotests Ubuntu 18.04 amd64 part 1
*   Topotests Ubuntu 18.04 arm8 part 6
*   Topotests Ubuntu 18.04 arm8 part 1
*   Addresssanitizer topotests part 8
*   Topotests Ubuntu 18.04 i386 part 7
*   Topotests debian 10 amd64 part 6
*   Topotests Ubuntu 18.04 i386 part 2
*   Topotests Ubuntu 18.04 arm8 part 8
*   Topotests Ubuntu 18.04 amd64 part 6

Copy link

Collaborator

**

**NetDEF-CI** commented

Aug 20, 2023

•

edited



**

Continuous Integration Result: FAILED**Continuous Integration Result: FAILED**

Test incomplete. See below for issues.  
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13679/

This is a comment from an automated CI system.  
For questions and feedback in regards to this CI system, please feel free to email  
Martin Winter - mwinter (at) opensourcerouting.org.

**Get source / Pull Request: Successful****Building Stage: Successful****Basic Tests: Incomplete**Addresssanitizer topotests part 4: Incomplete (check logs for details) Successful on other platforms/tests

*   Topotests Ubuntu 18.04 arm8 part 3
*   Topotests debian 10 amd64 part 9
*   Addresssanitizer topotests part 5
*   Topotests debian 10 amd64 part 4
*   Topotests Ubuntu 18.04 amd64 part 3
*   Topotests Ubuntu 18.04 amd64 part 2
*   Addresssanitizer topotests part 0
*   Topotests debian 10 amd64 part 8
*   Topotests debian 10 amd64 part 3
*   Topotests Ubuntu 18.04 arm8 part 4
*   Topotests Ubuntu 18.04 arm8 part 9
*   Topotests Ubuntu 18.04 amd64 part 5
*   Ubuntu 20.04 deb pkg check
*   Topotests Ubuntu 18.04 arm8 part 2
*   Topotests Ubuntu 18.04 i386 part 1
*   Topotests Ubuntu 18.04 i386 part 6
*   Topotests Ubuntu 18.04 amd64 part 4
*   Addresssanitizer topotests part 9
*   Topotests Ubuntu 18.04 amd64 part 9
*   Topotests Ubuntu 18.04 i386 part 3
*   Topotests Ubuntu 18.04 arm8 part 7
*   Topotests Ubuntu 18.04 i386 part 8
*   Addresssanitizer topotests part 3
*   Debian 10 deb pkg check
*   Addresssanitizer topotests part 7
*   Topotests debian 10 amd64 part 0
*   Topotests Ubuntu 18.04 amd64 part 7
*   Addresssanitizer topotests part 6
*   Topotests Ubuntu 18.04 i386 part 0
*   Topotests Ubuntu 18.04 i386 part 5
*   Topotests debian 10 amd64 part 1
*   Topotests Ubuntu 18.04 arm8 part 5
*   CentOS 7 rpm pkg check
*   Topotests Ubuntu 18.04 arm8 part 0
*   Topotests Ubuntu 18.04 amd64 part 0
*   Topotests Ubuntu 18.04 i386 part 9
*   Topotests debian 10 amd64 part 2
*   Topotests Ubuntu 18.04 amd64 part 8
*   Static analyzer (clang)
*   Addresssanitizer topotests part 2
*   Debian 9 deb pkg check
*   Topotests Ubuntu 18.04 amd64 part 1
*   Topotests debian 10 amd64 part 5
*   Ubuntu 18.04 deb pkg check
*   Addresssanitizer topotests part 1
*   Topotests Ubuntu 18.04 i386 part 4
*   Topotests debian 10 amd64 part 7
*   Topotests Ubuntu 18.04 arm8 part 6
*   Addresssanitizer topotests part 8
*   Topotests debian 10 amd64 part 6
*   Topotests Ubuntu 18.04 arm8 part 1
*   Topotests Ubuntu 18.04 i386 part 7
*   Topotests Ubuntu 18.04 amd64 part 6
*   Topotests Ubuntu 18.04 i386 part 2
*   Topotests Ubuntu 18.04 arm8 part 8

Copy link

Collaborator

**

**NetDEF-CI** commented

Aug 20, 2023

•

edited



**

Continuous Integration Result: FAILED**Continuous Integration Result: FAILED**

Test incomplete. See below for issues.  
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/

This is a comment from an automated CI system.  
For questions and feedback in regards to this CI system, please feel free to email  
Martin Winter - mwinter (at) opensourcerouting.org.

**Get source / Pull Request: Successful****Building Stage: Successful****Basic Tests: Incomplete**Addresssanitizer topotests part 4: Incomplete (check logs for details) Topotests Ubuntu 18.04 i386 part 3: Failed (click for details) Topotests Ubuntu 18.04 i386 part 3: Unknown Log URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/artifact/TOPO3U18I386/TopotestDetails/

Topology Test Results are at https://ci1.netdef.org/browse/FRR-PULLREQ2-TOPO3U18I386-13680/test

**Topology Tests failed for Topotests Ubuntu 18.04 i386 part 3**  
see full log at https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/artifact/TOPO3U18I386/TopotestLogs/log\_topotests.txt

Topotests Ubuntu 18.04 i386 part 9: Failed (click for details)

Topology Test Results are at https://ci1.netdef.org/browse/FRR-PULLREQ2-TOPO9U18I386-13680/test

**Topology Tests failed for Topotests Ubuntu 18.04 i386 part 9**  
see full log at https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/artifact/TOPO9U18I386/TopotestLogs/log\_topotests.txt  
Topotests Ubuntu 18.04 i386 part 9: Unknown Log  
URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/artifact/TOPO9U18I386/TopotestDetails/

Successful on other platforms/tests

*   Topotests Ubuntu 18.04 arm8 part 3
*   Topotests debian 10 amd64 part 9
*   Addresssanitizer topotests part 5
*   Topotests Ubuntu 18.04 amd64 part 2
*   Topotests debian 10 amd64 part 4
*   Topotests Ubuntu 18.04 amd64 part 3
*   Topotests debian 10 amd64 part 8
*   Addresssanitizer topotests part 0
*   Topotests Ubuntu 18.04 arm8 part 4
*   Topotests debian 10 amd64 part 3
*   Topotests Ubuntu 18.04 arm8 part 9
*   Topotests debian 10 amd64 part 0
*   Topotests Ubuntu 18.04 amd64 part 5
*   Ubuntu 20.04 deb pkg check
*   Topotests Ubuntu 18.04 arm8 part 2
*   Topotests Ubuntu 18.04 i386 part 1
*   Topotests Ubuntu 18.04 amd64 part 8
*   Addresssanitizer topotests part 9
*   Topotests Ubuntu 18.04 amd64 part 4
*   Topotests Ubuntu 18.04 arm8 part 0
*   Topotests Ubuntu 18.04 i386 part 6
*   Topotests Ubuntu 18.04 i386 part 8
*   Topotests Ubuntu 18.04 amd64 part 9
*   Topotests Ubuntu 18.04 arm8 part 7
*   Debian 10 deb pkg check
*   Addresssanitizer topotests part 7
*   Topotests Ubuntu 18.04 amd64 part 7
*   Addresssanitizer topotests part 6
*   Topotests Ubuntu 18.04 i386 part 5
*   Topotests Ubuntu 18.04 i386 part 0
*   Addresssanitizer topotests part 3
*   Topotests debian 10 amd64 part 1
*   Topotests Ubuntu 18.04 arm8 part 5
*   CentOS 7 rpm pkg check
*   Topotests Ubuntu 18.04 amd64 part 0
*   Topotests debian 10 amd64 part 2
*   Addresssanitizer topotests part 2
*   Static analyzer (clang)
*   Debian 9 deb pkg check
*   Topotests Ubuntu 18.04 amd64 part 1
*   Addresssanitizer topotests part 1
*   Topotests Ubuntu 18.04 i386 part 4
*   Ubuntu 18.04 deb pkg check
*   Topotests debian 10 amd64 part 5
*   Topotests debian 10 amd64 part 7
*   Topotests Ubuntu 18.04 arm8 part 6
*   Addresssanitizer topotests part 8
*   Topotests debian 10 amd64 part 6
*   Topotests Ubuntu 18.04 arm8 part 8
*   Topotests Ubuntu 18.04 i386 part 7
*   Topotests Ubuntu 18.04 arm8 part 1
*   Topotests Ubuntu 18.04 i386 part 2
*   Topotests Ubuntu 18.04 amd64 part 6

Copy link

Collaborator

**

**NetDEF-CI** commented

Aug 21, 2023

**

**Continuous Integration Result: SUCCESSFUL**

Congratulations, this patch passed basic tests

Tested-by: NetDEF / OpenSourceRouting.org CI System

CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/

This is a comment from an automated CI system.  
For questions and feedback in regards to this CI system, please feel free to email  
Martin Winter - mwinter (at) opensourcerouting.org.

 donaldsharp merged commit ff4c767 into FRRouting:master

Aug 21, 2023

6 checks passed

 mergify bot mentioned this pull request

Aug 21, 2023

bgpd: Check the length of the rcv software version (backport #14241) #14250

Merged

 ton31337 deleted the fix/software\_version\_capability\_handling\_len branch

August 21, 2023 13:53

donaldsharp added a commit that referenced this pull request

Aug 21, 2023

          Merge pull request #14250 from FRRouting/mergify/bp/stable/9.0/pr-14241
        

          d8238e9
        

bgpd: Check the length of the rcv software version (backport #14241)

Sign up for free **to join this conversation on GitHub**. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport bgp master size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

None yet

3 participants

CVE-2023-41361: bgpd: Check the length of the rcv software version by ton31337 · Pull Request #14241 · FRRouting/frr

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.

This advisory announces vulnerabilities in the following Jenkins deliverables:

*   Active Directory Plugin
*   Assembla Auth Plugin
*   Benchmark Evaluator Plugin
*   Datadog Plugin
*   ElasticBox CI Plugin
*   External Monitor Job Type Plugin
*   mabl Plugin
*   MathWorks Polyspace Plugin
*   OpenShift Login Plugin
*   Oracle Cloud Infrastructure Compute Plugin
*   Orka by MacStadium Plugin
*   Pipeline restFul API Plugin
*   Rebuilder Plugin
*   SAML Single Sign On(SSO) Plugin
*   Sumologic Publisher Plugin
*   Test Results Aggregator Plugin

**Descriptions****XXE vulnerability in External Monitor Job Type Plugin**

**SECURITY-3133 / CVE-2023-37942**  
**Severity (CVSS):** High  
**Affected plugin: external-monitor-job**  
**Description:**

External Monitor Job Type Plugin 206.v9a\_94ff0b\_4a\_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

This allows attackers with Item/Build permission to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

External Monitor Job Type Plugin 207.v98a\_a\_37a\_85525 disables external entity resolution for its XML parser.

**Password transmitted in plain text by Active Directory Plugin**

**SECURITY-3059 / CVE-2023-37943**  
**Severity (CVSS):** Low  
**Affected plugin: active-directory**  
**Description:**

Active Directory Plugin allows testing a new, unsaved configuration by performing a connection test (the button labeled "Test Domain").

Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted. This allows attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials.

This only affects the connection test. Connections established during the login process are encrypted if the corresponding TLS option is enabled.

Active Directory Plugin 2.30.1 considers the "Require TLS" and "StartTls" options for connection tests.

**Missing permission check in Datadog Plugin allows capturing credentials**

**SECURITY-3130 / CVE-2023-37944**  
**Severity (CVSS):** Medium  
**Affected plugin: datadog**  
**Description:**

Datadog Plugin 5.4.1 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Datadog Plugin 5.4.2 requires Overall/Administer permission to access the affected HTTP endpoint.

**Missing permission check in SAML Single Sign On(SSO) Plugin**

**SECURITY-3164 / CVE-2023-37945**  
**Severity (CVSS):** Medium  
**Affected plugin: miniorange-saml-sp**  
**Description:**

SAML Single Sign On(SSO) Plugin 2.3.0 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to download a string representation of the current security realm (Java Object#toString()), which potentially includes sensitive information.

SAML Single Sign On(SSO) Plugin 2.3.1 requires Overall/Administer permission to access the affected HTTP endpoint, and only allows downloading a string representation if the current security realm is this plugin’s.

**Session fixation vulnerability in OpenShift Login Plugin**

**SECURITY-2998 / CVE-2023-37946**  
**Severity (CVSS):** High  
**Affected plugin: openshift-login**  
**Description:**

OpenShift Login Plugin 1.1.0.227.v27e08dfb\_1a\_20 and earlier does not invalidate the existing session on login.

This allows attackers to use social engineering techniques to gain administrator access to Jenkins.

OpenShift Login Plugin 1.1.0.230.v5d7030b\_f5432 invalidates the existing session on login.

**Open redirect vulnerability in OpenShift Login Plugin**

**SECURITY-2999 / CVE-2023-37947**  
**Severity (CVSS):** Medium  
**Affected plugin: openshift-login**  
**Description:**

OpenShift Login Plugin 1.1.0.227.v27e08dfb\_1a\_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful authentication.

OpenShift Login Plugin 1.1.0.230.v5d7030b\_f5432 only redirects to relative (Jenkins) URLs.

**Missing SSH host key validation in Oracle Cloud Infrastructure Compute Plugin**

**SECURITY-3044 / CVE-2023-37948**  
**Severity (CVSS):** Medium  
**Affected plugin: oracle-cloud-infrastructure-compute**  
**Description:**

Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds.

This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds.

Oracle Cloud Infrastructure Compute Plugin 1.0.17 provides strategies for performing host key validation for administrators to select the one that meets their security needs.

The Jenkins security team has been unable to confirm the exploitability and resolution of this vulnerability.

**Missing permission check in Orka by MacStadium Plugin allows capturing credentials**

**SECURITY-3128 / CVE-2023-37949**  
**Severity (CVSS):** Medium  
**Affected plugin: macstadium-orka**  
**Description:**

Orka by MacStadium Plugin 1.33 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Orka by MacStadium Plugin 1.34 requires Overall/Administer permission to access the affected HTTP endpoint.

**Missing permission check in mabl Plugin allows enumerating credentials IDs**

**SECURITY-3137 (1) / CVE-2023-37950**  
**Severity (CVSS):** Medium  
**Affected plugin: mabl-integration**  
**Description:**

mabl Plugin 0.0.46 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of credentials IDs in mabl Plugin 0.0.47 requires the appropriate permissions.

**Exposure of system-scoped credentials in mabl Plugin**

**SECURITY-3137 (2) / CVE-2023-37951**  
**Severity (CVSS):** Medium  
**Affected plugin: mabl-integration**  
**Description:**

mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration.

This allows attackers with Item/Configure permission to access and capture credentials they are not entitled to.

mabl Plugin 0.0.47 defines the appropriate context for credentials lookup.

**CSRF vulnerability and missing permission checks in mabl Plugin allow capturing credentials**

**SECURITY-3127 / CVE-2023-37952 (CSRF), CVE-2023-37953 (missing permission check)**  
**Severity (CVSS):** High  
**Affected plugin: mabl-integration**  
**Description:**

mabl Plugin 0.0.46 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

mabl Plugin 0.0.47 requires POST requests and the appropriate permissions for the affected HTTP endpoints.

**CSRF vulnerability in Rebuilder Plugin**

**SECURITY-3033 / CVE-2023-37954**  
**Severity (CVSS):** Medium  
**Affected plugin: rebuild**  
**Description:**

Rebuilder Plugin 320.v5a\_0933a\_e7d61 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to rebuild a previous build.

**CSRF vulnerability and missing permission check in Test Results Aggregator Plugin**

**SECURITY-3122 / CVE-2023-37955 (CSRF), CVE-2023-37956 (missing permission check)**  
**Severity (CVSS):** Medium  
**Affected plugin: test-results-aggregator**  
**Description:**

Test Results Aggregator Plugin 1.2.13 and earlier does not perform a permission check in an HTTP endpoint implementing form validation.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.

Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

**CSRF vulnerability in Pipeline restFul API Plugin**

**SECURITY-3126 / CVE-2023-37957**  
**Severity (CVSS):** High  
**Affected plugin: pipeline-restful-api**  
**Description:**

Pipeline restFul API Plugin 0.11 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to have Jenkins connect to an attacker-specified URL, capturing a newly generated JCLI token that allows impersonating the victim.

**CSRF vulnerability and missing permission checks in Sumologic Publisher Plugin**

**SECURITY-3117 / CVE-2023-37958 (CSRF), CVE-2023-37959 (missing permission check)**  
**Severity (CVSS):** Medium  
**Affected plugin: sumologic-publisher**  
**Description:**

Sumologic Publisher Plugin 2.2.1 and earlier does not perform a permission check in a method implementing form validation.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

**Arbitrary file read vulnerability in MathWorks Polyspace Plugin**

**SECURITY-3124 / CVE-2023-37960**  
**Severity (CVSS):** Medium  
**Affected plugin: mathworks-polyspace**  
**Description:**

MathWorks Polyspace Plugin 1.0.5 and earlier does not restrict the path of the attached files in Polyspace Notification post-build step.

This allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file system.

**CSRF vulnerability in Assembla Auth Plugin**

**SECURITY-2988 / CVE-2023-37961**  
**Severity (CVSS):** Medium  
**Affected plugin: assembla-auth**  
**Description:**

Assembla Auth Plugin 1.14 and earlier does not implement a state parameter in its OAuth flow, a unique and non-guessable value associated with each authentication request.

This vulnerability allows attackers to trick users into logging in to the attacker’s account.

**CSRF vulnerability and missing permission checks in Benchmark Evaluator Plugin**

**SECURITY-3119 / CVE-2023-37962 (CSRF), CVE-2023-37963 (missing permission check)**  
**Severity (CVSS):** Medium  
**Affected plugin: benchmark-evaluator**  
**Description:**

Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system.

Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

**CSRF vulnerability and missing permission checks in ElasticBox CI Plugin allow capturing credentials**

**SECURITY-3131 / CVE-2023-37964 (CSRF), CVE-2023-37965 (missing permission check)**  
**Severity (CVSS):** Medium  
**Affected plugin: elasticbox**  
**Description:**

ElasticBox CI Plugin 5.0.1 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

**Severity**

*   SECURITY-2988: Medium
*   SECURITY-2998: High
*   SECURITY-2999: Medium
*   SECURITY-3033: Medium
*   SECURITY-3044: Medium
*   SECURITY-3059: Low
*   SECURITY-3117: Medium
*   SECURITY-3119: Medium
*   SECURITY-3122: Medium
*   SECURITY-3124: Medium
*   SECURITY-3126: High
*   SECURITY-3127: High
*   SECURITY-3128: Medium
*   SECURITY-3130: Medium
*   SECURITY-3131: Medium
*   SECURITY-3133: High
*   SECURITY-3137 (1): Medium
*   SECURITY-3137 (2): Medium
*   SECURITY-3164: Medium

**Affected Versions**

*   **Active Directory Plugin** up to and including 2.30
*   **Assembla Auth Plugin** up to and including 1.14
*   **Benchmark Evaluator Plugin** up to and including 1.0.1
*   **Datadog Plugin** up to and including 5.4.1
*   **ElasticBox CI Plugin** up to and including 5.0.1
*   **External Monitor Job Type Plugin** up to and including 206.v9a\_94ff0b\_4a\_10
*   **mabl Plugin** up to and including 0.0.46
*   **MathWorks Polyspace Plugin** up to and including 1.0.5
*   **OpenShift Login Plugin** up to and including 1.1.0.227.v27e08dfb\_1a\_20
*   **Oracle Cloud Infrastructure Compute Plugin** up to and including 1.0.16
*   **Orka by MacStadium Plugin** up to and including 1.33
*   **Pipeline restFul API Plugin** up to and including 0.11
*   **Rebuilder Plugin** up to and including 320.v5a\_0933a\_e7d61
*   **SAML Single Sign On(SSO) Plugin** up to and including 2.3.0
*   **Sumologic Publisher Plugin** up to and including 2.2.1
*   **Test Results Aggregator Plugin** up to and including 1.2.13

**Fix**

*   **Active Directory Plugin** should be updated to version 2.30.1
*   **Datadog Plugin** should be updated to version 5.4.2
*   **External Monitor Job Type Plugin** should be updated to version 207.v98a\_a\_37a\_85525
*   **mabl Plugin** should be updated to version 0.0.47
*   **OpenShift Login Plugin** should be updated to version 1.1.0.230.v5d7030b\_f5432
*   **Oracle Cloud Infrastructure Compute Plugin** should be updated to version 1.0.17
*   **Orka by MacStadium Plugin** should be updated to version 1.34
*   **SAML Single Sign On(SSO) Plugin** should be updated to version 2.3.1

These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated.

As of publication of this advisory, no fixes are available for the following plugins:

*   Assembla Auth Plugin
*   Benchmark Evaluator Plugin
*   ElasticBox CI Plugin
*   MathWorks Polyspace Plugin
*   Pipeline restFul API Plugin
*   Rebuilder Plugin
*   Sumologic Publisher Plugin
*   Test Results Aggregator Plugin

Learn why we announce these issues.

**Credit**

The Jenkins project would like to thank the reporters for discovering and reporting these vulnerabilities:

*   **Alvaro Muñoz (@pwntester), GitHub Security Lab** for SECURITY-3117, SECURITY-3119, SECURITY-3122, SECURITY-3126, SECURITY-3127, SECURITY-3128, SECURITY-3130, SECURITY-3131
*   **Daniel Beck, CloudBees, Inc.** for SECURITY-3164
*   **Kevin Guerroudj, CloudBees, Inc.** for SECURITY-2988, SECURITY-3033, SECURITY-3137 (1)
*   **Kevin Guerroudj, CloudBees, Inc. and Yaroslav Afenkin, CloudBees, Inc.** for SECURITY-2998, SECURITY-2999
*   **Tony Torralba (@atorralba), GitHub Security Lab** for SECURITY-3124, SECURITY-3133
*   **Yaroslav Afenkin, CloudBees, Inc.** for SECURITY-3044, SECURITY-3137 (2)

CVE-2023-37945: Jenkins Security Advisory 2023-07-12

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us