The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Upgrade org.jenkins-ci.plugins:semantic-versioning-plugin to version 1.15 or higher.
org.jenkins-ci.plugins:semantic-versioning-plugin is a plugin that generates a semantic version from a build definition file (SBT, POM).
Affected versions of this package are vulnerable to Access Control Bypass. Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML, and its XML parser is not configured to prevent XML external entity (XXE) attacks.

Semantic Versioning Plugin 1.14 and earlier does not restrict execution of the controller/agent message to agents, and implements no limitations about the file path that can be parsed. This allows attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

This is due to an incomplete fix of

Semantic Versioning Plugin 1.15 does not allow the affected controller/agent message to be submitted by agents for execution on the controller.