Bug#763899: jenkins: multiple security vulnerabilities
Nobuhiro Ban
ban.nobuhiro at gmail.com
Fri Oct 3 15:01:37 UTC 2014
Package: jenkins
Version: 1.565.2-2
Severity: grave
Tags: security
Dear Maintainer,
The upstream vendor announced a security advisory.
In this advisory, some vulnerabilities are rated critical severity.
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
>SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake)
>SECURITY-110/CVE-2014-3662 (User name discovery)
>SECURITY-127&128/CVE-2014-3663 (privilege escalation in job configuration permission)
>SECURITY-131/CVE-2014-3664 (directory traversal attack)
>SECURITY-138/CVE-2014-3680 (Password exposure in DOM)
>SECURITY-143/CVE-2014-3681 (XSS vulnerability in Jenkins core)
>SECURITY-150/CVE-2014-3666 (remote code execution from CLI)
>SECURITY-155/CVE-2014-3667 (exposure of plugin code)
>SECURITY-159/CVE-2013-2186 (arbitrary file system write)
>SECURITY-149/CVE-2014-1869 (XSS vulnerabilities in ZeroClipboard)
(SECURITY-113 is not about Jenkins core.)
Regards,
Nobuhiro