AVG-1012 log

Package: jenkins
Status: Fixed
Severity: High
Type: multiple issues
Affected: 2.185-1
Fixed: 2.186-1
Current: 2.491-1 [extra]
Ticket: None
Created: Tue Jul 23 08:07:42 2019
Issues (Issue / Severity / Remote / Type / Description):

Issue: CVE-2019-10354
Severity: High
Remote: Yes
Type: Access restriction bypass
Description: A security issue has been found in Jenkins before 2.186. Jenkins uses the Stapler web framework to render its UI views. These views are frequently comprised...

Issue: CVE-2019-10353
Severity: High
Remote: Yes
Type: Cross-site request forgery
Description: By default, CSRF tokens in Jenkins before 2.186 only checked user authentication and IP address. This allowed attackers able to obtain a CSRF token for...

Issue: CVE-2019-10352
Severity: High
Remote: Yes
Type: Arbitrary file overwrite
Description: A vulnerability has been found in Jenkins before 2.186, where users with Job/Configure permission could specify a relative path escaping the base directory...
References
https://seclists.org/oss-sec/2019/q3/56
https://jenkins.io/security/advisory/2019-07-17/