jenkinsci/rocketchatnotifier-plugin

Vulnerabilities: 19 via 40 paths
Dependencies: 33
Source: GitHub
Severity: 13 high, 4 medium, 2 low

high severity

XML External Entity (XXE) Injection

  • Vulnerable module: com.fasterxml.jackson.core:jackson-databind
  • Introduced through: com.fasterxml.jackson.core:jackson-databind@2.10.0.pr3

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → com.fasterxml.jackson.core:jackson-databind@2.10.0.pr3
    Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.10.5.1.

Overview

com.fasterxml.jackson.core:jackson-databind is a library that contains the general-purpose data-binding functionality and tree model for the Jackson Data Processor.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where entity expansion is not properly secured in the DOMDeserializer class. The highest threat from this vulnerability is to data integrity.

Details

XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.

Attacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.

For example, below is a sample XML document containing a single XML element, username.

<?xml version="1.0" encoding="ISO-8859-1"?>
<username>John</username>

An external XML entity, xxe, is defined using a system identifier and declared within a DOCTYPE header. Such entities can reference local or remote content. For example, the document below declares an external entity that would fetch the content of /etc/passwd and render it wherever &xxe; is referenced, here inside the username element.

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE username [
   <!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<username>&xxe;</username>

Other XXE Injection attacks can access local resources that may not stop returning data, possibly impacting application availability and leading to Denial of Service.

Remediation

Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.

high severity

Arbitrary Code Execution

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Arbitrary Code Execution. An attacker with Overall/Read permission could provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.51 or higher.

high severity

Sandbox Bypass

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Sandbox Bypass. Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be allowed.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.75 or higher.

high severity

Sandbox Bypass

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Sandbox Bypass. It allows attackers to invoke arbitrary constructors in sandboxed scripts.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.56 or higher.

high severity

Sandbox Bypass

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Sandbox Bypass. An attacker with Overall/Read permission could execute arbitrary code on the Jenkins master JVM.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.56 or higher.

high severity

Sandbox Bypass

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Sandbox Bypass. An issue in the handling of type casts allows an attacker to execute arbitrary code in sandboxed scripts.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.62 or higher.

high severity

Sandbox Bypass

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Sandbox Bypass. An issue in the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.62 or higher.

high severity

Sandbox Bypass

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Sandbox Bypass. Handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.65 or higher.

high severity

Sandbox Bypass

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Sandbox Bypass due to the handling of default parameter expressions in closures, which allowed attackers to execute arbitrary code in sandboxed scripts.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.68 or higher.

high severity

Sandbox Bypass

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Sandbox Bypass. Sandbox protection in Jenkins Script Security Plugin could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.70 or higher.

high severity

Sandbox Bypass

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Sandbox Bypass. It allows attackers who are able to specify and run sandboxed scripts to execute arbitrary code in the context of the Jenkins master JVM.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.71 or higher.

high severity

Sandbox Bypass

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Sandbox Bypass. A malicious user with Overall/Read permission, or able to control Jenkinsfile or sandboxed Pipeline shared library contents in SCM, could bypass the sandbox protection and execute arbitrary code on the Jenkins master.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.50 or higher.

high severity

Access Restriction Bypass

  • Vulnerable module: org.kohsuke:groovy-sandbox
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30 → org.kohsuke:groovy-sandbox@1.12
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30 → org.kohsuke:groovy-sandbox@1.12

Overview

org.kohsuke:groovy-sandbox is a compile-time transformer that runs Groovy code in a restrictive sandbox.

Affected versions of this package are vulnerable to Access Restriction Bypass in org/kohsuke/groovy/sandbox/SandboxTransformer.java. An attacker with Job/Configure permission could execute arbitrary code on the Jenkins master JVM if plugins using the Groovy sandbox are installed.

Remediation

Upgrade org.kohsuke:groovy-sandbox to version 1.20 or higher.

medium severity

Improper Input Validation

  • Vulnerable module: org.apache.httpcomponents:httpclient
  • Introduced through: org.apache.httpcomponents:httpclient@4.5.12 and com.mashape.unirest:unirest-java@1.4.9

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.apache.httpcomponents:httpclient@4.5.12
    Remediation: Upgrade to org.apache.httpcomponents:httpclient@4.5.13.
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → com.mashape.unirest:unirest-java@1.4.9 → org.apache.httpcomponents:httpclient@4.5.12
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → com.mashape.unirest:unirest-java@1.4.9 → org.apache.httpcomponents:httpasyncclient@4.1.1 → org.apache.httpcomponents:httpclient@4.5.12
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → com.mashape.unirest:unirest-java@1.4.9 → org.apache.httpcomponents:httpmime@4.5.2 → org.apache.httpcomponents:httpclient@4.5.12

Overview

org.apache.httpcomponents:httpclient is the HttpClient component of the Apache HttpComponents project.

Affected versions of this package are vulnerable to Improper Input Validation. Apache HttpClient can misinterpret a malformed authority component in a request URI passed to the library as a java.net.URI object, and pick the wrong target host for request execution.

Remediation

Upgrade org.apache.httpcomponents:httpclient to version 4.5.13 or higher.

medium severity

Arbitrary File Read

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Arbitrary File Read. Users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the new File(String) constructor for the purpose of in-process script approval.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.37 or higher.

medium severity

Cross-site Scripting (XSS)

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). They incorrectly escape pending or approved classpath entries on the In-process Script Approval page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure sandboxed scripts.

Details

A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site into accepting a request as if it originated from a trusted source.

This is done by escaping the context of the web application: the application then delivers the attacker's data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes the malicious script on the client side (in a client-side language, usually JavaScript or HTML) and performs actions that the browser's Same Origin Policy would otherwise block.

Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

Escaping means that the application is coded to mark key characters, particularly key characters included in user input, so that they cannot be interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; so that they are interpreted and displayed as themselves in text, while within the markup itself they delimit HTML tags. If malicious content that uses < and > as HTML tags is injected into an application that escapes special characters, those characters are not interpreted as HTML tags by the browser, provided they have been correctly escaped in the application code, and the attempted attack is diverted.

The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

Types of attacks

There are a few methods by which XSS can be manipulated:

  • Stored (origin: server): The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
  • Reflected (origin: server): The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user's browser.
  • DOM-based (origin: client): The attacker forces the user's browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
  • Mutated: The attacker injects code that appears safe, but is then rewritten and modified by the browser while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.

Affected environments

The following environments are susceptible to an XSS attack:

  • Web servers
  • Application servers
  • Web application environments

How to prevent

This section describes the top best practices designed to specifically protect your code:

  • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
  • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
  • Give users the option to disable client-side scripts.
  • Redirect invalid requests.
  • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
  • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
  • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.73 or higher.

medium severity

Sandbox Bypass

  • Vulnerable module: org.jenkins-ci.plugins:script-security
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-support@2.14 and org.jenkins-ci.plugins:junit@1.27

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins.workflow:workflow-support@2.14 → org.jenkins-ci.plugins:script-security@1.30
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.jenkins-ci.plugins:junit@1.27 → org.jenkins-ci.plugins:script-security@1.30

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Sandbox Bypass. Sandbox protection in Script Security Plugin could be circumvented through any of the following:

  • Crafted method names in method call expressions (CVE-2019-10393)
  • Crafted property names in property expressions on the left-hand side of assignment expressions (CVE-2019-10394)
  • Crafted property names in property expressions in increment and decrement expressions (CVE-2019-10399)
  • Crafted subexpressions in increment and decrement expressions not involving actual assignment (CVE-2019-10400)

This allowed attackers able to specify and run sandboxed scripts to execute arbitrary code in the Jenkins master JVM.

Remediation

A fix was pushed into the master branch but not yet published.

low severity

Information Exposure

  • Vulnerable module: commons-codec:commons-codec
  • Introduced through: org.apache.httpcomponents:httpclient@4.5.12 and com.mashape.unirest:unirest-java@1.4.9

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → org.apache.httpcomponents:httpclient@4.5.12 → commons-codec:commons-codec@1.11
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → com.mashape.unirest:unirest-java@1.4.9 → org.apache.httpcomponents:httpclient@4.5.12 → commons-codec:commons-codec@1.11
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → com.mashape.unirest:unirest-java@1.4.9 → org.apache.httpcomponents:httpasyncclient@4.1.1 → org.apache.httpcomponents:httpclient@4.5.12 → commons-codec:commons-codec@1.11
  • Introduced through: jenkinsci/rocketchatnotifier-plugin → com.mashape.unirest:unirest-java@1.4.9 → org.apache.httpcomponents:httpmime@4.5.2 → org.apache.httpcomponents:httpclient@4.5.12 → commons-codec:commons-codec@1.11

Overview

commons-codec:commons-codec is a package that contains simple encoders and decoders for various formats such as Base64 and hexadecimal.

Affected versions of this package are vulnerable to Information Exposure. When a Base32 string has no byte-array value that encodes to it, the Base32 implementation does not reject it; instead it decodes the string into an arbitrary value that can be re-encoded using the same implementation. This allows information exposure exploits such as tunneling additional information via seemingly valid Base32 strings.

Remediation

Upgrade commons-codec:commons-codec to version 1.13 or higher.

low severity

Information Exposure

  • Vulnerable module: junit:junit
  • Introduced through: com.googlecode.json-simple:json-simple@1.1.1

Detailed paths

  • Introduced through: jenkinsci/rocketchatnotifier-plugin → com.googlecode.json-simple:json-simple@1.1.1 → junit:junit@4.12

Overview

junit:junit is a unit testing framework for Java.

Affected versions of this package are vulnerable to Information Exposure. The JUnit4 test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared between all users on that system. Because of this, files and directories written into this directory are, by default, readable by other users on the same system.

Note: This vulnerability does not allow other users to overwrite the contents of these directories or files. It only affects Unix-like systems.

Remediation

Upgrade junit:junit to version 4.13.1 or higher.
