Bug 2268227 (CVE-2024-28149)
| Summary: | CVE-2024-28149 jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | asatyam, diagrawa, sabiswas |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2268252 | ||
This issue has been addressed in the following products: OCP-Tools-4.13-RHEL-8 Via RHSA-2024:3636 https://access.redhat.com/errata/RHSA-2024:3636 This issue has been addressed in the following products: OCP-Tools-4.14-RHEL-8 Via RHSA-2024:3634 https://access.redhat.com/errata/RHSA-2024:3634 This issue has been addressed in the following products: OCP-Tools-4.12-RHEL-8 Via RHSA-2024:3635 https://access.redhat.com/errata/RHSA-2024:3635 This issue has been addressed in the following products: OCP-Tools-4.15-RHEL-8 Via RHSA-2024:4597 https://access.redhat.com/errata/RHSA-2024:4597 |
SECURITY-784 / CVE-20218-1000175 is a path traversal vulnerability in HTML Publisher Plugin 1.15 and earlier. The fix for it retained compatibility for older reports as a fallback. In HTML Publisher Plugin 1.16 through 1.32 (both inclusive) this fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This allows attackers with Item/Configure permission to do the following: Implement stored cross-site scripting (XSS) attacks. Determine whether a path on the Jenkins controller file system exists, without being able to access it. HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on disk, but may no longer be accessible through the Jenkins UI. References: https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301