jenkins
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Extendable continuous integration server (latest) |
| Version | 2.128-1 [community] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-543 | 2.93-1 | Medium | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-17383 | AVG-543 | Medium | Yes | Cross-site scripting | Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-255 | 2.56-1 | 2.57-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-1000356 | AVG-255 | High | Yes | Cross-site request forgery | Multiple Cross-Site Request Forgery vulnerabilities in Jenkins allowed malicious users to perform several administrative actions by tricking a victim into... |
| CVE-2017-1000355 | AVG-255 | Medium | Yes | Arbitrary code execution | Jenkins uses the XStream library to serialize and deserialize XML. Its maintainer recently published a security vulnerability that allows anyone able to... |
| CVE-2017-1000354 | AVG-255 | High | Yes | Privilege escalation | The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 27 Apr 2017 | ASA-201704-8 | AVG-255 | High | multiple issues |