AVG-255

Package: jenkins
Status: Fixed
Severity: High
Type: multiple issues
Affected: 2.56-1
Fixed: 2.57-1
Current: 2.128-1 [community]
Ticket: None
Created: Thu Apr 27 14:34:33 2017

| Issue | Severity | Remote | Type | Description |
| --- | --- | --- | --- | --- |
| CVE-2017-1000356 | High | Yes | Cross-site request forgery | Multiple Cross-Site Request Forgery vulnerabilities in Jenkins allowed malicious users to perform several administrative actions by tricking a victim into... |
| CVE-2017-1000355 | Medium | Yes | Arbitrary code execution | Jenkins uses the XStream library to serialize and deserialize XML. Its maintainer recently published a security vulnerability that allows anyone able to... |
| CVE-2017-1000354 | High | Yes | Privilege escalation | The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to... |

| Date | Advisory | Package | Description |
| --- | --- | --- | --- |
| 27 Apr 2017 | ASA-201704-8 | jenkins | multiple issues |

References
https://jenkins.io/security/advisory/2017-04-26/
http://seclists.org/oss-sec/2017/q2/132