SB2022033108 - Multiple vulnerabilities in Jenkins Continuous Integration with Toad Edge plugin

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Stored cross-site scripting (CVE-ID: CVE-2022-28145)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to the affected plugin does not apply Content-Security-Policy headers to report files it serves. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

2) Path traversal (CVE-ID: CVE-2022-28148)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the file browser. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.

3) Improper access control (CVE-ID: CVE-2022-28147)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in a method implementing form validation. A remote user can check for the existence of an attacker-specified file path on the Jenkins controller file system. 

4) Information disclosure (CVE-ID: CVE-2022-28146)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps.

Remediation

Install update from vendor's website.

References

• https://jenkins.io/security/advisory/2022-03-29/