FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
22dc4a22-d1e5-11e4-879c-00e0814cab4ejenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

SECURITY-171, SECURITY-177 (Reflective XSS vulnerability)

An attacker without any access to Jenkins can navigate the user to a carefully crafted URL and have the user execute unintended actions. This vulnerability can be used to attack Jenkins inside firewalls from outside so long as the location of Jenkins is known to the attacker.

SECURITY-180 (forced API token change)

The part of Jenkins that issues a new API token was not adequately protected against anonymous attackers. This allows an attacker to escalate privileges on Jenkins.


Discovery 2015-03-23
Entry 2015-03-24
jenkins
le 1.605

jenkins-lts
le 1.596.1

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23