AVG-255 log
| Package | jenkins |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 2.56-1 |
| Fixed | 2.57-1 |
| Current | 2.538-1 [extra-testing] 2.536-1 [extra] |
| Ticket | None |
| Created | Thu Apr 27 14:34:33 2017 |

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-1000356 | High | Yes | Cross-site request forgery | Multiple Cross-Site Request Forgery vulnerabilities in Jenkins allowed malicious users to perform several administrative actions by tricking a victim into... |
| CVE-2017-1000355 | Medium | Yes | Arbitrary code execution | Jenkins uses the XStream library to serialize and deserialize XML. Its maintainer recently published a security vulnerability that allows anyone able to... |
| CVE-2017-1000354 | High | Yes | Privilege escalation | The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to... |

| Date | Advisory | Package | Type |
|---|---|---|---|
| 27 Apr 2017 | ASA-201704-8 | jenkins | multiple issues |

| References |
|---|
| https://jenkins.io/security/advisory/2017-04-26/ |
| http://seclists.org/oss-sec/2017/q2/132 |