AVG-948 log

Package jenkins
Status Fixed
Severity Medium
Type multiple issues
Affected 2.171-1
Fixed 2.172-1
Current 2.207-1 [community]
Ticket None
Created Thu Apr 11 06:07:52 2019
Issue Severity Remote Type Description
CVE-2019-1003050 Medium Yes Cross-site scripting
The f:validateButton form control for the Jenkins UI did not properly escape job URLs. This resulted in a cross-site scripting (XSS) vulnerability...
CVE-2019-1003049 Medium Yes Access restriction bypass
A security issue has been found in Jenkins before 2.172, where the fix for SECURITY-901 in Jenkins 2.150.2 and 2.160 did not reject existing remoting-based...
Date Advisory Package Description
11 Apr 2019 ASA-201904-7 jenkins multiple issues
References
https://seclists.org/oss-sec/2019/q2/15
https://jenkins.io/security/advisory/2019-04-10/