CVE-2022-43433: The Jenkins ScreenRecorder Plugin disables Content Security Policy protection for user-generated content.

This can lead to disclosure of sensitive data, such as source control information, sensitive workplace documents, or even intellectual property in a hosted environment where sensitive data is not properly protected.

To be safe, we recommend disabling this plugin by default.
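To check whether user-generated content is still served with the protection described above, the response headers of an artifact or workspace download can be audited. The following is an added example, not code from the plugin or from Jenkins. The function names, the baseline (a `sandbox` directive without `allow-scripts`, and scripts restricted to `'none'`) and the sample headers are assumptions constructed for illustration.

```python
"""Audit response headers of Jenkins user-content URLs for CSP protection."""

HEADER = "content-security-policy"


def parse_csp(value):
    """Split a CSP header value into {directive: [source tokens]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Per the CSP spec, the first occurrence of a directive wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def audit_headers(headers):
    """Return a list of findings; an empty list means the baseline is met."""
    # HTTP header names are case-insensitive.
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get(HEADER, "").strip()
    if not value:
        return ["Content-Security-Policy missing or empty: protection is disabled"]
    policy = parse_csp(value)
    findings = []
    if "sandbox" not in policy:
        findings.append("no sandbox directive")
    elif "allow-scripts" in policy["sandbox"]:
        findings.append("sandbox allows scripts")
    # script-src overrides default-src for scripts when both are present.
    script_sources = policy.get("script-src", policy.get("default-src"))
    if script_sources is None:
        findings.append("no default-src or script-src: scripts are unrestricted")
    elif script_sources not in ([], ["'none'"]):
        findings.append("scripts allowed from: " + " ".join(script_sources))
    return findings


# Constructed sample responses (not captured from a real instance).
# "protected" uses an assumed restrictive policy of the kind Jenkins applies by default.
SAMPLES = {
    "protected": {"Content-Security-Policy":
                  "sandbox; default-src 'none'; img-src 'self'; style-src 'self';"},
    "disabled": {"Content-Type": "text/html", "Content-Security-Policy": ""},
    "weakened": {"content-security-policy":
                 "sandbox allow-scripts; default-src 'self'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, audit_headers(hdrs) or "OK")
```

Feed it the headers returned for an archived artifact or workspace file on your own instance; any finding means the content is served without the baseline protection.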

How to disable the Jenkins ScreenRecorder Plugin?

Go to: System > Administration > Plugins and click the “Disable” button on the first tab “Screen Recorder Plugin”.

Now, whenever you try to start a screen recording task, Jenkins will prompt you with the following message:

“Screen Recorder Plugin is active but Insecure by default. If you want to disable this Plugin. Go to System > Administration > Plugins and click “Disable” on the first tab “Screen Recorder Plugin”.”

To re-enable the plugin, click “Enable” on the first tab.

If you’re running Jenkins 1.x or 2.x, you can disable the plugin without installing a new version. Open the Jenkins dashboard and navigate to: System > Administration > Plugins. Select the “Screen Recorder Plugin” and click “Disable”. Once you’ve done that, you can no longer start a screen recording task. To re-enable the plugin, click “Enable” on the first tab.

Jenkins and Screen Recording

The Screen Recorder Plugin is a useful tool for capturing the steps involved in a new build or release. However, if you want to avoid disclosure of sensitive data, such as source control information, sensitive work documents, or even intellectual property in a hosted environment where sensitive data is not properly protected, you can easily disable it.

To disable the plugin, go to System > Administration > Plugins and click “Disable” on the first tab “Screen Recorder Plugin”.

Don’t Record When a Job Runs

You can prevent Jenkins from recording screens when a job runs by setting the “Screen Recorder Plugin” to “Don’t Record When a Job Runs”.

To re-enable the plugin, click “Enable” on the first tab.

Jenkins 2.x and 3.x - How to disable the Screen Recorder plugin in Jenkins

In Jenkins 2.x, the screen recorder plugin is not enabled by default. To activate the screen recorder plugin in Jenkins 2.x, do the following:
1) From your Jenkins dashboard, click “Manage Jenkins” and then select “Configure System”.
2) Next to “Advanced Settings” in the configuration section, scroll down to where you see the screen recorder plugin.
3) Check the box next to “Show Plugin by default” and click Save.

Timeline

Published on: 10/19/2022 16:15:00 UTC
Last modified on: 10/23/2022 02:07:00 UTC
