1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-2973-1

[JENKINS:SECURITY-2973-1] Agent-to-controller security bypass in `semantic-versioning-plugin`

Severity High
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

semantic-versioning-plugin defines a controller/agent message that processes a given file as XML and its XML parser is not configured to prevent XML external entity (XXE) attacks.

semantic-versioning-plugin 1.14 and earlier does not restrict execution of the controller/agent message to agents, and implements no limitations about the file path that can be parsed.
This allows attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

This is due to an incomplete fix of link:/security/advisory/2022-03-15/#SECURITY-2124[SECURITY-2124].

NOTE: This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
See the link:/doc/upgrade-guide/2.303/#upgrading-to-jenkins-lts-2-303-3[LTS upgrade guide].

semantic-versioning-plugin 1.15 does not allow the affected controller/agent message to be submitted by agents for execution on the controller.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/semantic-versioning-plugin <= 1.14
pkg:github/jenkinsci/semantic-versioning-plugin-plugin <= 1.14
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/semantic-versioning-plugin = 1.15
pkg:github/jenkinsci/semantic-versioning-plugin-plugin = 1.15
ID
JENKINS:SECURITY-2973-1
Severity
high
Published
2023-01-24T00:00:00
(20 months ago)
Modified
2023-01-24T00:00:00
(20 months ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository semantic-versioning-plugin repository https://github.com/jenkinsci/semantic-versioning-plugin-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/semantic-versioning-plugin org.jenkins-ci.plugins semantic-versioning-plugin <= 1.14
Fixed pkg:maven/org.jenkins-ci.plugins/semantic-versioning-plugin org.jenkins-ci.plugins semantic-versioning-plugin = 1.15
Affected pkg:github/jenkinsci/semantic-versioning-plugin-plugin jenkinsci semantic-versioning-plugin-plugin <= 1.14
Fixed pkg:github/jenkinsci/semantic-versioning-plugin-plugin jenkinsci semantic-versioning-plugin-plugin = 1.15
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date