AVG-1030 log
| Package | jenkins |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 2.189-1 |
| Fixed | 2.192-1 |
| Current | 2.485-1 [extra] |
| Ticket | None |
| Created | Thu Aug 29 16:44:05 2019 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-10384 | Medium | Yes | Cross-site request forgery | Jenkins allowed the creation of CSRF tokens without a corresponding web session ID. This is the result of an incomplete fix for SECURITY-626 in the... |
| CVE-2019-10383 | Low | Yes | Cross-site scripting | Jenkins did not properly escape the update site URL in some status messages shown in the update center, resulting in a stored cross-site scripting... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 30 Aug 2019 | ASA-201908-22 | jenkins | multiple issues |
| References |
|---|
https://jenkins.io/security/advisory/2019-08-28/ |
| Notes |
|---|
Fixed in 2.192 |