jenkins

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Extendable continuous integration server (latest)
Version 2.128-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-543 2.93-1 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2017-17383 AVG-543 Medium Yes Cross-site scripting
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-255 2.56-1 2.57-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2017-1000356 AVG-255 High Yes Cross-site request forgery
Multiple Cross-Site Request Forgery vulnerabilities in Jenkins allowed malicious users to perform several administrative actions by tricking a victim into...
CVE-2017-1000355 AVG-255 Medium Yes Arbitrary code execution
Jenkins uses the XStream library to serialize and deserialize XML. Its maintainer recently published a security vulnerability that allows anyone able to...
CVE-2017-1000354 AVG-255 High Yes Privilege escalation
The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to...

Advisories

Date Advisory Group Severity Description
27 Apr 2017 ASA-201704-8 AVG-255 High multiple issues