AVG-948 log
Package | jenkins |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 2.171-1 |
Fixed | 2.172-1 |
Current | 2.491-1 [extra] |
Ticket | None |
Created | Thu Apr 11 06:07:52 2019 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2019-1003050 | Medium | Yes | Cross-site scripting | The f:validateButton form control for the Jenkins UI did not properly escape job URLs. This resulted in a cross-site scripting (XSS) vulnerability... |
CVE-2019-1003049 | Medium | Yes | Access restriction bypass | A security issue has been found in Jenkins before 2.172, where the fix for SECURITY-901 in Jenkins 2.150.2 and 2.160 did not reject existing remoting-based... |
Date | Advisory | Package | Type |
---|---|---|---|
11 Apr 2019 | ASA-201904-7 | jenkins | multiple issues |
References |
---|
https://seclists.org/oss-sec/2019/q2/15 https://jenkins.io/security/advisory/2019-04-10/ |