AVG-948 log

Package jenkins
Status Fixed
Severity Medium
Type multiple issues
Affected 2.171-1
Fixed 2.172-1
Current 2.424-1 [extra]
Ticket None
Created Thu Apr 11 06:07:52 2019
Issue Severity Remote Type Description
CVE-2019-1003050 Medium Yes Cross-site scripting
The f:validateButton form control for the Jenkins UI did not properly escape job URLs. This resulted in a cross-site scripting (XSS) vulnerability...
CVE-2019-1003049 Medium Yes Access restriction bypass
A security issue has been found in Jenkins before 2.172, where the fix for SECURITY-901 in Jenkins 2.150.2 and 2.160 did not reject existing remoting-based...
Date Advisory Package Type
11 Apr 2019 ASA-201904-7 jenkins multiple issues