AVG-255 log

Package jenkins
Status Fixed
Severity High
Type multiple issues
Affected 2.56-1
Fixed 2.57-1
Current 2.454-1 [extra]
Ticket None
Created Thu Apr 27 14:34:33 2017

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-1000356 | High | Yes | Cross-site request forgery | Multiple Cross-Site Request Forgery vulnerabilities in Jenkins allowed malicious users to perform several administrative actions by tricking a victim into... |
| CVE-2017-1000355 | Medium | Yes | Arbitrary code execution | Jenkins uses the XStream library to serialize and deserialize XML. Its maintainer recently published a security vulnerability that allows anyone able to... |
| CVE-2017-1000354 | High | Yes | Privilege escalation | The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to... |

| Date | Advisory | Package | Type |
|---|---|---|---|
| 27 Apr 2017 | ASA-201704-8 | jenkins | multiple issues |