FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- multiple vulnerabilities

Affected packages
jenkins < 2.133
jenkins-lts < 2.121.2

Details

VuXML ID: 20a1881e-8a9e-11e8-bddf-d017c2ca229d
Discovery: 2018-07-18
Entry: 2018-07-18

Jenkins Security Advisory:

Description

(High) SECURITY-897 / CVE-2018-1999001

Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart

(High) SECURITY-914 / CVE-2018-1999002

Arbitrary file read vulnerability

(Medium) SECURITY-891 / CVE-2018-1999003

Unauthorized users could cancel queued builds

(Medium) SECURITY-892 / CVE-2018-1999004

Unauthorized users could initiate and abort agent launches

(Medium) SECURITY-944 / CVE-2018-1999005

Stored XSS vulnerability

(Medium) SECURITY-925 / CVE-2018-1999006

Unauthorized users are able to determine when a plugin was extracted from its JPI package

(Medium) SECURITY-390 / CVE-2018-1999007

XSS vulnerability in Stapler debug mode

References

CVE Name: CVE-2018-1999001
CVE Name: CVE-2018-1999002
CVE Name: CVE-2018-1999003
CVE Name: CVE-2018-1999004
CVE Name: CVE-2018-1999005
CVE Name: CVE-2018-1999006
CVE Name: CVE-2018-1999007
URL: https://jenkins.io/security/advisory/2018-07-18/