AVG-1012
Package | jenkins |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 2.185-1 |
Fixed | 2.186-1 |
Current | 2.483-1 [extra] |
Ticket | None |
Created | Tue Jul 23 08:07:42 2019 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2019-10354 | High | Yes | Access restriction bypass | A security issue has been found in Jenkins before 2.186. Jenkins uses the Stapler web framework to render its UI views. These views are frequently comprised... |
CVE-2019-10353 | High | Yes | Cross-site request forgery | By default, CSRF tokens in Jenkins before 2.186 only checked user authentication and IP address. This allowed attackers able to obtain a CSRF token for... |
CVE-2019-10352 | High | Yes | Arbitrary file overwrite | A vulnerability has been found in Jenkins before 2.186, where users with Job/Configure permission could specify a relative path escaping the base directory... |
References |
---|
https://seclists.org/oss-sec/2019/q3/56 |
https://jenkins.io/security/advisory/2019-07-17/ |