AVG-255
Package | jenkins |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 2.56-1 |
Fixed | 2.57-1 |
Current | 2.491-1 [extra] |
Ticket | None |
Created | Thu Apr 27 14:34:33 2017 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2017-1000356 | High | Yes | Cross-site request forgery | Multiple Cross-Site Request Forgery vulnerabilities in Jenkins allowed malicious users to perform several administrative actions by tricking a victim into... |
CVE-2017-1000355 | Medium | Yes | Arbitrary code execution | Jenkins uses the XStream library to serialize and deserialize XML. Its maintainer recently published a security vulnerability that allows anyone able to... |
CVE-2017-1000354 | High | Yes | Privilege escalation | The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to... |
Date | Advisory | Package | Type |
---|---|---|---|
27 Apr 2017 | ASA-201704-8 | jenkins | multiple issues |
References |
---|
https://jenkins.io/security/advisory/2017-04-26/ |
http://seclists.org/oss-sec/2017/q2/132 |