AVG-1030 log

Package jenkins
Status Fixed
Severity Medium
Type multiple issues
Affected 2.189-1
Fixed 2.192-1
Current 2.485-1 [extra]
Ticket None
Created Thu Aug 29 16:44:05 2019
Issue Severity Remote Type Description
CVE-2019-10384 Medium Yes Cross-site request forgery
Jenkins allowed the creation of CSRF tokens without a corresponding web session ID. This is the result of an incomplete fix for SECURITY-626 in the...
CVE-2019-10383 Low Yes Cross-site scripting
Jenkins did not properly escape the update site URL in some status messages shown in the update center, resulting in a stored cross-site scripting...
Date Advisory Package Type
30 Aug 2019 ASA-201908-22 jenkins multiple issues
References
https://jenkins.io/security/advisory/2019-08-28/
Notes
Fixed in 2.192