AVG-1012 log

Package	jenkins
Status	Fixed
Severity	High
Type	multiple issues
Affected	2.185-1
Fixed	2.186-1
Current	2.455-1 [extra]
Ticket	None
Created	Tue Jul 23 08:07:42 2019

Issue	Severity	Remote	Type	Description
CVE-2019-10354	High	Yes	Access restriction bypass	A security issue has been found in Jenkins before 2.186. Jenkins uses the Stapler web framework to render its UI views. These views are frequently comprised...
CVE-2019-10353	High	Yes	Cross-site request forgery	By default, CSRF tokens in Jenkins before 2.186 only checked user authentication and IP address. This allowed attackers able to obtain a CSRF token for...
CVE-2019-10352	High	Yes	Arbitrary file overwrite	A vulnerability has been found in Jenkins before 2.186, where users with Job/Configure permission could specify a relative path escaping the base directory...

Issue

Severity

Remote

Type

Description

CVE-2019-10354

High

Yes

Access restriction bypass

A security issue has been found in Jenkins before 2.186. Jenkins uses the Stapler web framework to render its UI views. These views are frequently comprised...

CVE-2019-10353

High

Yes

Cross-site request forgery

By default, CSRF tokens in Jenkins before 2.186 only checked user authentication and IP address. This allowed attackers able to obtain a CSRF token for...

CVE-2019-10352

High

Yes

Arbitrary file overwrite

A vulnerability has been found in Jenkins before 2.186, where users with Job/Configure permission could specify a relative path escaping the base directory...

References
https://seclists.org/oss-sec/2019/q3/56 https://jenkins.io/security/advisory/2019-07-17/