AVG-948
| Package | jenkins |
|---|---|
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 2.171-1 |
| Fixed | 2.172-1 |
| Current | 2.538-1 [extra] |
| Ticket | None |
| Created | Thu Apr 11 06:07:52 2019 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-1003050 | Medium | Yes | Cross-site scripting | The f:validateButton form control for the Jenkins UI did not properly escape job URLs. This resulted in a cross-site scripting (XSS) vulnerability... |
| CVE-2019-1003049 | Medium | Yes | Access restriction bypass | A security issue has been found in Jenkins before 2.172, where the fix for SECURITY-901 in Jenkins 2.150.2 and 2.160 did not reject existing remoting-based... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 11 Apr 2019 | ASA-201904-7 | jenkins | multiple issues |
| References |
|---|
| https://seclists.org/oss-sec/2019/q2/15 |
| https://jenkins.io/security/advisory/2019-04-10/ |