Security News – Week 27

BRANDEFENSE
Weekly Newsletter
06/07/2022

Last updated on August 9th, 2022 at 09:21 pm

Table of Contents

  • Multiple Critical Vulnerabilities Detected in Jenkins
  • [Exploit Details]: Critical RCE Vulnerability Found in ManageEngine ADAudit Plus
  • GitLab Releases Security Updates Fixing Critical Vulnerabilities

Multiple Critical Vulnerabilities Detected in Jenkins

Multiple vulnerabilities have been detected in Jenkins, the open-source Java automation server used to run Continuous Integration pipelines, allowing threat actors to perform XSS and CSRF attacks. Jenkins continuously builds and tests software projects, making it easy for developers to integrate their changes into the project.

Details of the vulnerabilities rated as critical are given below:

  • The vulnerability, tracked as CVE-2022-34784, is a cross-site scripting (XSS) vulnerability that affects the build-metrics plugin used by Jenkins and can be exploited by threat actors with build/update permissions.
  • CVE-2022-34787 is a cross-site scripting (XSS) vulnerability found in the Project Inheritance plugin used by Jenkins.
  • CVE-2022-34788 is a cross-site scripting (XSS) vulnerability found in the Matrix Reloaded plugin used by Jenkins.
  • CVE-2022-34790 is a cross-site scripting (XSS) vulnerability found in the eXtreme Feedback Panel plugin used by Jenkins.
  • The vulnerability tracked as CVE-2022-34792 is found in the Recipe plugin used by Jenkins and allows threat actors to perform cross-site request forgery (CSRF) and XXE (XML External Entity) injection attacks on the affected system.
  • The vulnerability tracked as CVE-2022-34791 resides in the Email Parameter plugin used by Jenkins and allows threat actors to perform cross-site scripting (XSS) attacks on affected installations.
  • CVE-2022-34783 is a cross-site scripting (XSS) vulnerability found in the Plot plugin used by Jenkins.
  • CVE-2022-34777 is a stored cross-site scripting (XSS) vulnerability found in the GitLab plugin used by Jenkins.
  • CVE-2022-34786 is a cross-site scripting (XSS) vulnerability found in the Rich Text Publisher plugin used by Jenkins.
  • CVE-2022-34778 is a cross-site scripting (XSS) vulnerability found in the TestNG Results plugin used by Jenkins.
  • CVE-2022-34795 is a stored cross-site scripting (XSS) vulnerability found in the Deployment Dashboard plugin used by Jenkins.

No update that fixes the security vulnerabilities detected in these Jenkins plugins has been released yet. Successful exploitation can allow remote threat actors to obtain sensitive information, change the appearance of the web page, and carry out phishing attacks. Organizations are therefore advised to watch for fixes from the plugin maintainers and apply them as soon as they are published.

[Exploit Details]: Critical RCE Vulnerability Found in ManageEngine ADAudit Plus

In March 2022, an unauthenticated remote code execution (RCE) vulnerability was identified affecting the Zoho ManageEngine ADAudit Plus solution, which organizations use to monitor changes in Active Directory. (Reference Link)

The security vulnerability tracked as CVE-2022-28219 is caused by a combination of untrusted Java deserialization, path traversal, and XXE (XML External Entity) issues. Apart from allowing remote code execution on affected systems, the vulnerability can in some cases be exploited to compromise domain administrator accounts.

Active Directory management-related products (ADManager Plus, ADSelfService Plus, ADAudit Plus) are widely used by institutions/organizations.

Because of their privileged access to Active Directory, these applications present an attractive attack surface for threat actors. Security researchers have published PoC code and tooling for exploiting the vulnerability affecting ADAudit Plus.

Applications such as ADAudit Plus that integrate with Active Directory must store credentials in order to connect to it. ADAudit Plus keeps these credentials encrypted in its database, but the encryption can be reversed to recover them in cleartext, and compromising them hands threat actors substantial privileges. ADAudit Plus makes it easy for users to connect to AD with their domain administrator credentials, and users tend to take this easy route instead of creating a dedicated service account with limited privileges. By abusing this practice, threat actors can completely compromise the AD domain through ADAudit Plus.

To avoid becoming a target of attacks that exploit this vulnerability, institutions and organizations using ADAudit Plus are urgently advised to upgrade to ADAudit Plus 7060 or a later version, which fixes the security vulnerability.

GitLab Releases Security Updates Fixing Critical Vulnerabilities

GitLab has released updates that fix critical vulnerabilities as part of its June security updates.

Some of the security vulnerabilities fixed by the released updates, rated critical, high, and medium, are as follows:

  • The vulnerability tracked as CVE-2022-2185 (critical) stems from incorrect input validation in project imports. As a result, a remote privileged user can import a maliciously crafted project and achieve remote code execution on the vulnerable system.
  • The XSS vulnerability tracked as CVE-2022-2235 (high) is due to insufficient sanitization of user-supplied data in ZenTao integration. As a result, a remote threat actor can direct targets to open a specially crafted link and run arbitrary HTML and script code in the user’s browser in the context of the vulnerable website.
  • The security vulnerability tracked as CVE-2022-2229 (high) is caused by incorrect authorization. A remote threat actor can extract the value of an unprotected variable whose name they know, in public projects or in private projects of which they are a member.

These vulnerabilities affected all GitLab CE/EE versions between 13.7.0 and 15.1.0 (inclusive) and were fixed in the released versions 15.1.1, 15.0.4, and 14.10.5. Users using vulnerable GitLab versions are advised to apply the released updates immediately.
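The patch guidance in this item and in the ADAudit Plus item above reduces to two version checks: a GitLab build is affected when it falls in 13.7.0 to 15.1.0 inclusive and has not yet reached the backported fix on its own branch (14.10.5, 15.0.4 or 15.1.1), and an ADAudit Plus build is affected when it is below 7060. The script below is an added example, not Brandefense, GitLab or ManageEngine code; it encodes those thresholds from the newsletter text and runs them over a constructed inventory. The inventory format, the host names, and the choice to point a branch without a backported fix (13.x, 14.0 to 14.9) at the newest fixed release are assumptions of the example.

```python
"""Version checks derived from the patch guidance in this newsletter.

Added example (not Brandefense, GitLab or ManageEngine code).  Thresholds come
from the newsletter text: GitLab CE/EE 13.7.0..15.1.0 inclusive is affected by
CVE-2022-2185/2229/2235 and fixed in 15.1.1, 15.0.4 and 14.10.5; ADAudit Plus
builds before 7060 are affected by CVE-2022-28219.  The inventory format and
host names are constructed for the example.
"""
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'14.10.2' -> (14, 10, 2); tuples compare lexicographically."""
    return tuple(int(part) for part in text.strip().split("."))


def format_version(version: Version) -> str:
    return ".".join(str(part) for part in version)


GITLAB_AFFECTED_LOW = parse_version("13.7.0")
GITLAB_AFFECTED_HIGH = parse_version("15.1.0")
GITLAB_FIXED = [parse_version(v) for v in ("14.10.5", "15.0.4", "15.1.1")]

ADAUDIT_FIXED_BUILD = 7060


def gitlab_fix_target(version: str) -> Optional[str]:
    """Return the release to upgrade to, or None if this build is not affected.

    A build on a branch that received a backported fix (14.10, 15.0, 15.1) is
    clean once it is at or above that fix.  For an affected branch with no
    backport (13.x, 14.0-14.9) the example's own choice is to point at the
    newest fixed release.
    """
    current = parse_version(version)
    if current < GITLAB_AFFECTED_LOW or current > GITLAB_AFFECTED_HIGH:
        return None
    same_branch = [fix for fix in GITLAB_FIXED if fix[:2] == current[:2]]
    if same_branch and current >= same_branch[0]:
        return None
    target = same_branch[0] if same_branch else max(GITLAB_FIXED)
    return format_version(target)


def adaudit_needs_upgrade(build: int) -> bool:
    """ADAudit Plus is fixed from build 7060 onwards."""
    return build < ADAUDIT_FIXED_BUILD


# Constructed inventory: <host> <product> <version or build>
SAMPLE_INVENTORY = """\
git01   gitlab-ee   14.10.2
git02   gitlab-ce   15.0.4
git03   gitlab-ee   15.1.0
legacy  gitlab-ce   13.6.9
ad01    adauditplus 7050
ad02    adauditplus 7060
"""


def check_inventory(inventory: str) -> List[Tuple[str, str, str]]:
    """Return (host, cve_ids, action) for every host that still needs patching."""
    findings = []
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version = line.split()
        if product.startswith("gitlab"):
            target = gitlab_fix_target(version)
            if target is not None:
                findings.append((host, "CVE-2022-2185, CVE-2022-2229, CVE-2022-2235",
                                 f"upgrade GitLab to {target}"))
        elif product == "adauditplus":
            if adaudit_needs_upgrade(int(version)):
                findings.append((host, "CVE-2022-28219",
                                 f"upgrade ADAudit Plus to build {ADAUDIT_FIXED_BUILD} or later"))
    return findings


if __name__ == "__main__":
    for host, cves, action in check_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {cves}: {action}")
```

Run against the constructed inventory, only git01 (14.10.2, below the 14.10.5 backport), git03 (15.1.0, below 15.1.1) and ad01 (build 7050) are reported; git02 on 15.0.4 and ad02 on 7060 are already at the fixed releases, and the 13.6.9 host sits below the affected range.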

© 2022 Brandefense. All rights reserved.
