Access Control Bypass Affecting org.jenkins-ci.plugins:semantic-versioning-plugin package, versions [,1.15)


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
1.31% (67th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-ORGJENKINSCIPLUGINS-3248509
  • published26 Jan 2023
  • disclosed26 Jan 2023
  • creditDaniel Beck, CloudBees, Inc.

Introduced: 26 Jan 2023

CVE-2023-24429  (opens in a new tab)
CWE-284  (opens in a new tab)

How to fix?

Upgrade org.jenkins-ci.plugins:semantic-versioning-plugin to version 1.15 or higher.

Overview

org.jenkins-ci.plugins:semantic-versioning-plugin is a plugin that generates a semantic version from a build definition file (SBT, POM)

Affected versions of this package are vulnerable to Access Control Bypass. Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and its XML parser is not configured to prevent XML external entity (XXE) attacks.Semantic Versioning Plugin 1.14 and earlier does not restrict execution of the controller/agent message to agents, and implements no limitations about the file path that can be parsed. This allows attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.This is due to an incomplete fix of Semantic Versioning Plugin 1.15 does not allow the affected controller/agent message to be submitted by agents for execution on the controller.

CVSS Base Scores

version 3.1