Access Control Bypass Affecting org.jenkins-ci.plugins:semantic-versioning-plugin package, versions [,1.15)


Severity

high (CVSS assessment made by Snyk's Security Team)

Threat Intelligence

EPSS: 0.26% (67th percentile)

  • Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-3248509
  • published 26 Jan 2023
  • disclosed 26 Jan 2023
  • credit Daniel Beck, CloudBees, Inc.

How to fix?

Upgrade org.jenkins-ci.plugins:semantic-versioning-plugin to version 1.15 or higher.

Overview

org.jenkins-ci.plugins:semantic-versioning-plugin is a plugin that generates a semantic version from a build definition file (SBT, POM).

Affected versions of this package are vulnerable to Access Control Bypass. Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML, and its XML parser is not configured to prevent XML external entity (XXE) attacks. Semantic Versioning Plugin 1.14 and earlier does not restrict execution of this controller/agent message to agents and places no limitations on the file path that can be parsed. This allows attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities, resulting in extraction of secrets from the Jenkins controller or server-side request forgery. Semantic Versioning Plugin 1.15 does not allow the affected controller/agent message to be submitted by agents for execution on the controller.
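A hardened version of the pattern the advisory describes, as an added example that is not the plugin's own code: the message extends `MasterToSlaveCallable` so the controller refuses to run it when an agent submits it, the XML parser has DOCTYPE and external entities disabled, and the parsed path is confined to a workspace directory. `MasterToSlaveCallable`, `DocumentBuilderFactory` and the feature URIs are real Jenkins and JAXP APIs; the class, method and field names are assumed for illustration.

```java
// Added example, not the plugin's code; assumes Jenkins core on the classpath.
import java.io.File;
import java.io.IOException;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import jenkins.security.MasterToSlaveCallable;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
// MasterToSlaveCallable's role check only permits execution on an agent, never on the controller.
public final class ParseBuildFileCallable extends MasterToSlaveCallable<String, IOException> {
    private final String workspace;     // directory the file must stay inside
    private final String relativePath;  // build file relative to the workspace

    public ParseBuildFileCallable(String workspace, String relativePath) {
        this.workspace = workspace;
        this.relativePath = relativePath;
    }

    /** Parser with DOCTYPE and external entities disabled, so XXE cannot occur. */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return f.newDocumentBuilder();
    }

    /** Rejects any path that resolves outside the workspace (e.g. via ".."). */
    static File resolveInside(String workspace, String relativePath) throws IOException {
        File root = new File(workspace).getCanonicalFile();
        File target = new File(root, relativePath).getCanonicalFile();
        if (!target.toPath().startsWith(root.toPath())) {
            throw new IOException("path escapes workspace: " + relativePath);
        }
        return target;
    }

    @Override
    public String call() throws IOException {
        try {
            Document doc = hardenedBuilder().parse(resolveInside(workspace, relativePath));
            return doc.getDocumentElement().getTagName();  // e.g. "project" for a POM
        } catch (ParserConfigurationException | SAXException e) {
            throw new IOException("cannot parse build file", e);
        }
    }
}
```

With `disallow-doctype-decl` enabled the parser rejects any document carrying a DTD before entities are ever resolved, which is the simplest way to rule out the external-entity behaviour the advisory describes.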

CVSS Scores

version 3.1

Snyk

Recommended
7.1 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    Low
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    Low
  • Availability (A)
    None

NVD

9.8 critical