ROS-20240411-08

The Jenkins Automation Server vulnerability involves the creation of temporary files with insecure
permissions. Exploitation of the vulnerability could allow an attacker acting remotely to gain access
to read, modify, or delete files

A vulnerability in the args4j library of the Jenkins Git server Plugin is related to an incorrect restriction of the name of the
of the path to a restricted directory. Exploitation of the vulnerability could allow an attacker,
acting remotely, to read the first two lines of arbitrary files

The Jenkins GitLab Branch Source Plugin vulnerability is related to a flaw in the authorization procedure.
Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to sensitive information.
access to sensitive information

A vulnerability in the args4j library of the Jenkins Automation Server built-in command line interface (CLI) is related to insufficient protection of service information.
is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker,
acting remotely, to execute arbitrary co

The Jenkins Automation Server vulnerability is related to file uploads using the Stapler web platform,
which creates temporary files in a temporary directory on the system with default permissions for newly
newly created files. Exploitation of the vulnerability could allow an attacker to gain, acting remotely,
access to read, modify, or delete files

The Jenkins GitLab Branch Source Plugin vulnerability involves cross-site request forgery.
Exploitation of the vulnerability could allow an attacker acting remotely to perform a CSRF attack

Jenkins Automation Server vulnerability is related to the lack of escalation of the value of parameter
of the ExpandableDetailsNote “caption” constructor. Exploitation of the vulnerability could allow an attacker,
acting remotely, gain read access, perform cross-site scripting (XSS) attacks with the ability to exploit the vulnerability.
scripting (XSS) attacks with the ability to manipulate files in workspaces

The vulnerability in the Jenkins Git Matrix Project plugin, is related to the lack of cleanup of user-defined
project axis names with multiple configurations. Exploitation of the vulnerability could allow an attacker,
acting remotely, to impact the integrity and availability of the system

A vulnerability in the Jenkins Git Log Command plugin is related to the operation of the command parser function,
which replaces the “@” character followed by the file path in the argument with the file contents.
Exploitation of the vulnerability could allow an attacker acting remotely to read content from
arbitrary files

The Jenkins Automation Server vulnerability is related to access differentiation flaws in the installation of
plug-ins. Exploitation of the vulnerability could allow an attacker to gain access to read, modify or
delete files and execute arbitrary code

The Jenkins GitLab Branch Source Plugin vulnerability is related to access control flaws.
Exploitation of the vulnerability could allow an attacker acting remotely to configure and share arbitrary projects.
use arbitrary projects

A vulnerability in the Jenkins Automation Server built-in command line interface (CLI) is related to
flaws in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting
remotely to execute a CSWSH attack.

A vulnerability in the Jenkins Red Hat Dependency Analytics plugin is due to a lack of security protections
Content-Security-Policy for user content in workspaces, archive artifacts, etc…,
that Jenkins offers for download. Exploitation of the vulnerability could allow an attacker,
acting remotely, to perform cross-site scripting (XSS) attacks with the ability to
File management in workspaces