From 7857b2d4db41e06b44a76fa9df467cd8ad10d93e Mon Sep 17 00:00:00 2001 From: Li-Wen Hsu Date: Thu, 27 Apr 2017 03:41:04 +0000 Subject: Document Jenkins Security Advisory 2017-04-26 --- security/vuxml/vuln.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index bd338f4abb6c..68f2910a0bd0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,47 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + jenkins -- multiple vulnerabilities + + + jenkins + 2.57 + + + jenkins-lts + 2.46.2 + + + + +

Jenkins Security Advisory:

+
+

Description

+
SECURITY-412 through SECURITY-420 / CVE-2017-1000356
+

CSRF: Multiple vulnerabilities

+
SECURITY-429 / CVE-2017-1000353
+

CLI: Unauthenticated remote code execution

+
SECURITY-466 / CVE-2017-1000354
+

CLI: Login command allowed impersonating any Jenkins user

+
SECURITY-503 / CVE-2017-1000355
+

XStream: Java crash when trying to instantiate void/Void

+
+ +
+ + CVE-2017-1000356 + CVE-2017-1000353 + CVE-2017-1000354 + CVE-2017-1000355 + https://jenkins.io/security/advisory/2017-04-26/ + + + 2017-04-26 + 2017-04-27 + +
+ codeigniter -- multiple vulnerabilities
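
Review bot: The topic "jenkins -- multiple vulnerabilities" does not surface that one of the four listed items, SECURITY-429 / CVE-2017-1000353, is an unauthenticated remote code execution in the CLI, and the description lists it second, after the CSRF item. Consider naming the remote code execution in the topic, or moving that item to the top of the description, so that someone reading audit output sees the most severe issue without opening the advisory. The range operators are not visible in this rendering of the hunk, so it is also worth confirming that 2.57 for jenkins and 2.46.2 for jenkins-lts are entered as exclusive upper bounds, that is, as the first fixed versions.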