ADVISORY!

TLP : CLEAR

Date : 10/05/2024

REF NO : CERT / 2024/05/41

Jenkins Multiple Vulnerabilities

Severity Level: Medium

Components Affected

  • Git server Plugin up to and including 114.v068a_c7cc2574
  • Script Security Plugin up to and including 1335.vf07d9ce377a_e
  • Subversion Partial Release Manager Plugin up to and including 1.0.1
  • Telegram Bot Plugin up to and including 1.4.0
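The version ranges listed above can be checked against a plugin inventory with a short script. This is an added example, not part of the original advisory. The plugin short names used as dictionary keys and the "shortName:version" inventory format are assumptions, and the sample inventory is constructed.

```python
# Upper bounds ("up to and including") from the advisory's component list.
# The plugin short names used as keys are assumptions; the advisory gives display names only.
AFFECTED_MAX = {
    "git-server": "114.v068a_c7cc2574",
    "script-security": "1335.vf07d9ce377a_e",
    "svn-partial-release-mgr": "1.0.1",
    "telegram-notifications": "1.4.0",
}
# The advisory states there is no fix for these two as of publication.
NO_FIX = {"svn-partial-release-mgr", "telegram-notifications"}

# Constructed sample inventory, one "shortName:version" entry per line.
SAMPLE_INVENTORY = """\
git-server:117.veb_68868fa_027
script-security:1335.vf07d9ce377a_e
telegram-notifications:1.4.0
svn-partial-release-mgr:1.0
credentials:1337.v60b_d7b_c7b_c9f
"""

def version_key(version):
    """Leading numeric components only: '114.v068a_c7cc2574' -> (114,)."""
    key = []
    for part in version.strip().split("."):
        if not part.isdigit():
            break  # the 'v<hash>' segment names a commit and has no ordering
        key.append(int(part))
    if not key:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(key)

def is_affected(plugin, version):
    """True when the plugin is listed and version <= the advisory's upper bound."""
    limit = AFFECTED_MAX.get(plugin)
    if limit is None:
        return False
    a, b = version_key(version), version_key(limit)
    width = max(len(a), len(b))  # pad so that '1.0' compares as '1.0.0'
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))

def audit(inventory):
    findings = []
    for line in filter(None, map(str.strip, inventory.splitlines())):
        plugin, _, version = line.partition(":")
        if is_affected(plugin, version):
            status = "no fix available" if plugin in NO_FIX else "upgrade"
            findings.append((plugin, version, status))
    return findings
```

Calling `audit(SAMPLE_INVENTORY)` returns the affected entries with an "upgrade" or "no fix available" status; plugins not named in the advisory are ignored.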

Overview

Multiple vulnerabilities were identified in Jenkins. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure, denial of service and security restriction bypass on the targeted system.

Description

  • CVE-2024-34144, CVE-2024-34145

Script Security Plugin provides a sandbox feature that allows low-privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be allowed.

  • CVE-2024-34146

Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH. This allows attackers with a previously configured SSH public key but lacking Overall/Read permission to access Git repositories. Git server Plugin 117.veb_68868fa_027 requires Overall/Read permission to access Git repositories over SSH.

  • CVE-2024-34147

Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file jenkinsci.plugins.telegrambot.TelegramBotGlobalConfiguration.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix.

  • CVE-2024-34148

Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically sets the Java system property hudson.model.ParametersAction.keepUndefinedParameters whenever a build is triggered from a release tag with the ‘Svn-Partial Release Manager’ SCM. Doing so disables the fix for SECURITY-170 / CVE-2016-3721. As of publication of this advisory, there is no fix.

Impact

  • Remote Code Execution
  • Information Disclosure
  • Security Restriction Bypass
  • Denial of Service

Solution / Workarounds

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

Reference

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Copyright © 2023 SRI LANKA CERT | CC