jenkins: Multiple vulnerabilities (CVE-2020-2160, CVE-2020-2161, CVE-2020-2162, CVE-2020-2163)
CVE-2020-2160: CSRF protection for any URL could be bypassed
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier use different representations of request URL paths, which allows attackers to craft URLs that bypass the CSRF protection of any target URL.
References:
- https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774
- https://nvd.nist.gov/vuln/detail/CVE-2020-2160
CVE-2020-2161: Stored XSS vulnerability in label expression validation
In Jenkins 2.227 and earlier, LTS 2.204.5 and earlier, the form validation for label expressions in job configuration forms did not properly escape label names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to define node labels.
References:
- https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774
- https://www.openwall.com/lists/oss-security/2020/03/25/2
CVE-2020-2162: Stored XSS vulnerability in file parameters
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier served files uploaded as file parameters to a build without specifying appropriate Content-Security-Policy HTTP headers. This resulted in a stored cross-site scripting (XSS) vulnerability exploitable by users with permissions to build a job with file parameters.
References:
- https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774
- https://www.openwall.com/lists/oss-security/2020/03/25/2
CVE-2020-2163: Stored XSS vulnerability in list view column headers
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier processed HTML embedded in list view column headers. This resulted in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the content of column headers.
References:
- https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774
- https://www.openwall.com/lists/oss-security/2020/03/25/2
Affected branches:
- master
- 3.11-stable
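All four CVEs above share the same affected ranges (weekly 2.227 and earlier, LTS 2.204.5 and earlier). The following script is an added example, not part of this advisory or of Jenkins itself: it classifies a Jenkins core version string as affected or not, distinguishing the two-component weekly line from the three-component LTS line, and reads the version from the X-Jenkins response header that Jenkins sends. The sample headers are constructed.

```python
import re
from typing import Dict, Optional, Tuple

# Affected ranges exactly as stated in the advisory text above.
AFFECTED_WEEKLY_MAX = (2, 227)     # weekly releases 2.227 and earlier
AFFECTED_LTS_MAX = (2, 204, 5)     # LTS releases 2.204.5 and earlier

# Weekly releases are MAJOR.MINOR (2.227); LTS releases add a third
# component (2.204.5). Anything else (e.g. "-SNAPSHOT") is rejected.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_jenkins_version(version: str) -> Tuple[Tuple[int, ...], bool]:
    """Return (numeric version tuple, is_lts) for a Jenkins core version."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Jenkins version string: {version!r}")
    major, minor, patch = m.groups()
    if patch is None:
        return (int(major), int(minor)), False
    return (int(major), int(minor), int(patch)), True


def is_affected(version: str) -> bool:
    """True if this core version falls inside the advisory's affected ranges.

    The weekly and LTS lines are compared separately: LTS 2.204.6 is fixed
    even though 2.204 < 2.227, and weekly 2.228 is fixed even though its
    minor number exceeds the LTS cut-off.
    """
    parsed, is_lts = parse_jenkins_version(version)
    return parsed <= (AFFECTED_LTS_MAX if is_lts else AFFECTED_WEEKLY_MAX)


def version_from_headers(headers: Dict[str, str]) -> Optional[str]:
    """Extract the core version from the X-Jenkins response header (case-insensitive)."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value.strip()
    return None


if __name__ == "__main__":
    # Constructed sample response headers from a few hypothetical instances.
    samples = [{"X-Jenkins": "2.204.5"}, {"x-jenkins": "2.204.6"},
               {"X-Jenkins": "2.227"}, {"X-Jenkins": "2.228"}, {"Server": "Jetty"}]
    for hdrs in samples:
        ver = version_from_headers(hdrs)
        status = "unknown version" if ver is None else ("AFFECTED" if is_affected(ver) else "fixed")
        print(f"{ver!s:>10}: {status}")
```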