AVG-1030 log
Package | jenkins |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 2.189-1 |
Fixed | 2.192-1 |
Current | 2.488-1 [extra] |
Ticket | None |
Created | Thu Aug 29 16:44:05 2019 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2019-10384 | Medium | Yes | Cross-site request forgery | Jenkins allowed the creation of CSRF tokens without a corresponding web session ID. This is the result of an incomplete fix for SECURITY-626 in the... |
CVE-2019-10383 | Low | Yes | Cross-site scripting | Jenkins did not properly escape the update site URL in some status messages shown in the update center, resulting in a stored cross-site scripting... |
Date | Advisory | Package | Type |
---|---|---|---|
30 Aug 2019 | ASA-201908-22 | jenkins | multiple issues |
References |
---|
https://jenkins.io/security/advisory/2019-08-28/ |
Notes |
---|
Fixed in 2.192 |